CVE-2024-2634

Description

A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint /sse_generico/generico_login.jsp is vulnerable to XSS attack via lang query, i.e. /sse_generico/generico_login.jsp?lang=%27%3balert(%27BLEUSS%27)%2f%2f&params=.