A cross-site-scripting (XSS) issue was discovered in HRworks (classic) 3.36.9. An attacker could exploit this by storing persistent scripts which would lead to unwanted code execution when visiting an affected page.
Stored XSS - HRworks (classic) v3.36.9
Sven Grossmann / Lufthansa Industry Solutions
https://github.com/svennergr / https://twitter.com/svennergr
https://www.lufthansa-industry-solutions.com
webapps
CVE-2019-16416