A cross-site-scripting (XSS) issue was discovered in HRworks (classic) 3.36.9. An attacker could exploit this by storing persistent scripts which would lead to unwanted code execution when visiting an affected page.
Stored XSS - HRworks (classic) v3.36.9