CVE-2018-12650

MEDIUM

Adrenalin HRMS <5.4.0 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-12650. PoCs published by Cy83rl0gger.

AI-analyzed exploit summary This is a writeup describing a reflected XSS vulnerability in Adrenalin Core HCM 5.4.0. The vulnerability allows an attacker to inject malicious JavaScript via the 'prntDDLCntrlName' and 'prntFrmName' parameters, which is then echoed back in the HTML response.

Description

Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'.

Exploits (1)

exploitdb WRITEUP

by Cy83rl0gger · textwebappsaspx

https://www.exploit-db.com/exploits/47613

View Code ZIP pw:eip

This is a writeup describing a reflected XSS vulnerability in Adrenalin Core HCM 5.4.0. The vulnerability allows an attacker to inject malicious JavaScript via the 'prntDDLCntrlName' and 'prntFrmName' parameters, which is then echoed back in the HTML response.

Classification

Writeup 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Adrenalin Core HCM 5.4.0

No auth needed

Prerequisites: Access to the vulnerable application URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Various Sources

https://www.securethy.com/2018/10/CVE-2018-12650-reflected-XSS.html

Exploit, Third Party Advisory

https://www.knowcybersec.com/2018/10/CVE-2018-12650-reflected-XSS.html

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/155232/Adrenalin-Core-HCM-5.4.0-Cross-Site-Scripting.html

Scores

CVSS v3 6.1

EPSS 0.0261

EPSS Percentile 83.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

myadrenalin/human_resource_management_software 5.4.0

Published Oct 24, 2018

Tracked Since Feb 18, 2026