PT-2019-12379 · Hrworks · Hrworks

Published: 2019-09-17 · Updated: 2023-02-28 · CVE-2019-11559

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: HRworks version 1.16.1

Description: A reflected cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the URL parameter to the Login component. This can be achieved by manipulating the URL to include malicious script, which is then reflected back to the user, potentially allowing for unauthorized actions.

Recommendations: For HRworks version 1.16.1, consider validating and sanitizing all user-input data, especially URL parameters, to prevent malicious script injection. As a temporary workaround, restrict access to the Login component until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2019-11559

Affected Products: Hrworks