CVE-2021-38583

Name of the Vulnerable Software and Affected Versions openBaraza HCM version 3.1.6

Description The issue arises from the software's failure to properly neutralize user-controllable input, leading to reflected cross-site scripting (XSS) on multiple pages, including hr/subscription.jsp, hr/application.jsp, and hr/index.jsp (with view= and data= parameters). This allows for potential malicious script execution.

Recommendations For openBaraza HCM version 3.1.6, consider disabling access to the affected pages (hr/subscription.jsp, hr/application.jsp, and hr/index.jsp) until a proper fix is available, and restrict the use of the view and data parameters in the hr/index.jsp page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.