CVE-2024-2634 Information

Description

A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint ‘/sse_generico/generico_login.jsp’ is vulnerable to XSS attack via ’lang’ query i.e. ‘/sse_generico/generico_login.jsp?lang=%27%3balert(%27BLEUSS%27)%2f%2f&params=’.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-meta4-hr-cegid