Vulnerability Description
In EasyToRecruit (E2R) before 2.11, the upload feature and the Candidate Profile Management feature are prone to Cross Site Scripting (XSS) injection in multiple locations.
CVSS Score
6.1
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hr-Technologies | Easytorecruit | < 2.11 |
Related Weaknesses (CWE)
References
- https://www.excellium-services.com/cert-xlm-advisory/Third Party Advisory
- https://www.excellium-services.com/cert-xlm-advisory/cve-2019-11032/Third Party Advisory
- https://www.excellium-services.com/cert-xlm-advisory/Third Party Advisory
- https://www.excellium-services.com/cert-xlm-advisory/cve-2019-11032/Third Party Advisory
FAQ
What is CVE-2019-11032?
CVE-2019-11032 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In EasyToRecruit (E2R) before 2.11, the upload feature and the Candidate Profile Management feature are prone to Cross Site Scripting (XSS) injection in multiple locations.
How severe is CVE-2019-11032?
CVE-2019-11032 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11032?
Check the references section above for vendor advisories and patch information. Affected products include: Hr-Technologies Easytorecruit.