A cross-site-scripting (XSS) issue was discovered in HRworks FLOW 3.36.9. An attacker could exploit this by storing persistent scripts which would lead to unwanted code execution when visiting an affected page.
Stored XSS - HRworks FLOW v3.36.9
Sven Grossmann / Lufthansa Industry Solutions
https://github.com/svennergr / https://twitter.com/svennergr
https://www.lufthansa-industry-solutions.com
webapps
CVE-2019-16417