Summary
A cross-site-scripting (XSS) issue was discovered in HRworks FLOW 3.36.9. An attacker could exploit this by storing persistent scripts which would lead to unwanted code execution when visiting an affected page.
Export Title
Stored XSS - HRworks FLOW v3.36.9
Vendor Homepage
Exploit Author
Sven Grossmann / Lufthansa Industry Solutions
Contact
https://github.com/svennergr / https://twitter.com/svennergr
Website
https://www.lufthansa-industry-solutions.com
Category
webapps
CVE
CVE-2019-16417

