PT-2014-4023 · Rexx · Rexx Recruitment
Published: 2014-10-06 · Updated: 2018-10-09 · CVE-2014-1224
CVSS v2.0: 4.3 (Medium)
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
rexx Recruitment versions R6.1 through R7 without fixes from 2014-01-15
Description
The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via the oninput event handler in the fname parameter to the default URI in "/reg".
Recommendations
For versions R6.1 through R7 without fixes from 2014-01-15, apply the fixes from 2014-01-15 to resolve the issue.
As a temporary workaround, consider restricting access to the user registration feature or disabling the oninput event handler in the fname parameter to minimize the risk of exploitation.
Exploit
Fix
XSS
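The Description and Recommendations above name the injection point (the fname parameter of "/reg" carrying an event-handler attribute such as oninput). The following is an added example, not code from the advisory or from rexx: a small detector that runs over web-server access-log lines and flags /reg requests whose decoded fname contains any on*= attribute, next to the standard output-encoding step that keeps such a value inert in an HTML attribute. It assumes fname is submitted in the query string of GET requests to /reg and that the server writes Combined Log Format logs; the sample lines are constructed, and the encoding helper is a generic hardening, not the vendor's fix.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Combined Log Format lines (not from the advisory); the second one
# carries an fname value that closes the attribute quote and adds an oninput handler.
SAMPLE_LOG = r"""
203.0.113.10 - - [06/Oct/2014:10:01:02 +0000] "GET /reg?fname=Alice&lname=Smith HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.11 - - [06/Oct/2014:10:01:09 +0000] "GET /reg?fname=%22%20oninput%3Dx%20a%3D%22&lname=x HTTP/1.1" 200 5200 "-" "Mozilla/5.0"
203.0.113.12 - - [06/Oct/2014:10:02:15 +0000] "GET /jobs?fname=%22%20oninput%3Dx HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.13 - - [06/Oct/2014:10:03:40 +0000] "POST /reg HTTP/1.1" 302 0 "-" "Mozilla/5.0"
""".strip().splitlines()

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Any HTML event-handler attribute (oninput=, onfocus=, ...), not only the one named in the advisory.
EVENT_HANDLER_RE = re.compile(r'\bon[a-z]+\s*=', re.IGNORECASE)


def decoded_fname(target):
    """Return the URL-decoded fname query value for a /reg request, else None."""
    parts = urlsplit(target)
    if parts.path.rstrip('/') != '/reg':
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get('fname')
    return values[0] if values else None


def flag_event_handler_injections(log_lines):
    """Return (ip, method, fname) for /reg requests whose fname carries an on*= attribute.

    Only query-string submissions are visible here: a POST body is not in the access log,
    so pair this with application-side logging or a WAF rule for form posts.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        fname = decoded_fname(m.group('target'))
        if fname is not None and EVENT_HANDLER_RE.search(fname):
            hits.append((m.group('ip'), m.group('method'), fname))
    return hits


def render_fname_value(fname):
    """Hardened rendering: encode fname before placing it in a quoted HTML attribute value."""
    # The injected value can no longer close the quote, so oninput= stays inert text.
    return html.escape(fname, quote=True)
```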
Weakness Enumeration
Related Identifiers
Affected Products
Rexx Recruitment