- Navigate to following URL:
- Add or Edit a Vacancy
- In the Vacancy Name parameter put XSS script
- Navigate back to top Vacancy page (click back button)
- Witness XSS
Screen prints in the gallery below. The images should be self-explanatory.The direct URL to the list of vacancy page is below.
I contacted OrangeHRM but did not receive a reply.