CVE-2011-5258
OrangeHRM < 2.6.11.2 - Cross-Site Scripting via uniqcode, isAdmin, or PATH_INFO
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2011-5258. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary The provided code is a writeup describing an XSS vulnerability in OrangeHRM 2.6.11. It includes a proof-of-concept URL demonstrating the vulnerability but does not contain executable exploit code.
Description
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.
Exploits (2)
The provided code is a writeup describing an XSS vulnerability in OrangeHRM 2.6.11. It includes a proof-of-concept URL demonstrating the vulnerability but does not contain executable exploit code.
The provided text describes SQL injection and XSS vulnerabilities in OrangeHRM 2.6.11, including example URLs demonstrating XSS payloads. No actual exploit code is present.