CVE-2018-12651

{"id": "CVE-2018-12651", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2018-12-20T23:29:00.377", "references": [{"url": "https://www.knowcybersec.com/2018/12/CVE-2018-12651-reflected-XSS.html", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.securethy.com/2018/12/CVE-2018-12651-reflected-XSS.html", "source": "[email protected]"}, {"url": "https://www.knowcybersec.com/2018/12/CVE-2018-12651-reflected-XSS.html", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the ShiftEmployeeSearch.aspx prntFrmName or prntDDLCntrlName parameter."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en el software Adrenalin 5.4 HRMS. Las entradas proporcionadas por el usuario que contienen JavaScript se repiten en el c\u00f3digo JavaScript de una respuesta HTML mediante los par\u00e1metros prntFrmName o prntDDLCntrlName en ShiftEmployeeSearch.aspx."}], "lastModified": "2026-03-02T16:16:19.587", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:myadrenalin:human_resource_management_software:5.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A99FBA28-C9F9-4A16-9392-74E74E72D1BE"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}