CVE-2022-43317

Name of the Vulnerable Software and Affected Versions Human Resource Management System version 1.0

Description A cross-site scripting (XSS) issue in the "/hrm/index.php?msg" API endpoint allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Recommendations For Human Resource Management System version 1.0, consider disabling access to the "/hrm/index.php?msg" API endpoint until a patch is available. As a temporary workaround, restrict the use of the msg parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.