漏洞描述
CoreHR Core Portal是一套人力资源管理系统。 CoreHR Core Portal 27.0.7之前版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。
CoreHR Core Portal 跨站脚本漏洞
PoC代码
暂无相关漏洞推荐
- itsourcecode Open Source Job Portal SQL注入漏洞
- 用友U8Cloud /servlet/~uap/nc.merp.bs.maportal.NCPortalServlet XML 外部实体注入漏洞
- mojoPortal imagehandler存在任意文件读取漏洞
- POC CVE-2010-1312: Joomla! Component News Portal 1.5.x - Local File Inclusion
- POC CVE-2015-3897: Bonita BPM Portal <6.5.3 - Local File Inclusion
- POC CVE-2017-14186: FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting
- POC CVE-2020-7961: Liferay Portal Unauthenticated < 7.2.1 CE GA2 - Remote Code Execution
- POC CVE-2022-32409: Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion
- POC CVE-2022-42118: Liferay Portal - Cross-site Scripting
- POC CVE-2023-24322: mojoPortal 2.7.0.0 - Cross-Site Scripting
- POC CVE-2023-44012: mojoPortal v.2.7.0.0 - Cross-Site Scripting
- POC CVE-2023-4490: WordPress Job Portal < 2.0.6 - SQL Injection
- POC CVE-2025-28367: mojoPortal <=2.9.0.1 - Directory Traversal