2024-03-19 12:08:21
INCIBE
PUBLISHED
A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint /sse_generico/generico_login.jsp is vulnerable to XSS attack via lang query, i.e. /sse_generico/generico_login.jsp?lang=%27%3balert(%27BLEUSS%27)%2f%2f¶ms=.