CVE-2011-5258
Orangehrm < 2.6.11 - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.
Exploits (2)
exploitdb
WRITEUP
VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/36379
exploitdb
WRITEUP
VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/36380
References (8)
Scores
EPSS
0.0650
EPSS Percentile
91.0%
Details
CWE
CWE-79
Status
published
Products (15)
orangehrm/orangehrm
< 2.6.11
orangehrm/orangehrm
orangehrm/orangehrm
orangehrm/orangehrm
orangehrm/orangehrm
orangehrm/orangehrm
orangehrm/orangehrm
orangehrm/orangehrm
orangehrm/orangehrm
orangehrm/orangehrm
... and 5 more
Published
Feb 12, 2013
Tracked Since
Feb 18, 2026