PT-2021-11845 · Unknown · Persis Human Resource Management Portal
User_X73X76X6E · Published 2021-01-22 · Updated 2022-10-07 · CVE-2020-35753
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Persis Human Resource Management Portal versions 17.2.00 through 17.2.35
Persis Human Resource Management Portal versions 19.0.00 through 19.0.20
Description:
The job posting recommendation form in the Persis Human Resource Management Portal allows XSS via the SENDER parameter when the "Recommend job posting" function is enabled.
Recommendations:
For versions 17.2.00 through 17.2.35, consider disabling the "Recommend job posting" function until a patch is available.
For versions 19.0.00 through 19.0.20, consider disabling the "Recommend job posting" function until a patch is available.
As a temporary workaround, avoid using the SENDER parameter in the affected form until the issue is resolved.
Affected Products
Persis Human Resource Management Portal