CVE-2021-38619

EIP tracks 1 public exploit for CVE-2021-38619. PoCs published by charlesbickel.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2021-38619, an unauthenticated stored XSS vulnerability in openBaraza HCM HR Payroll v3.1.6. It includes vulnerable endpoints, payloads, and affected pages, demonstrating a clear understanding of the vulnerability mechanics.

openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view=).