2024-03-19 12:03:45
INCIBE
PUBLISHED
A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint /sitetest/english/dumpenv.jsp is vulnerable to XSS attack by lang query, i.e. /sitetest/english/dumpenv.jsp?snoop=yes&lang=%27%3Cimg%20src/onerror=alert(1)%3E¶ms.