Medium severity6.1NVD Advisory· Published Aug 13, 2021· Updated Jun 17, 2026
CVE-2021-38583
CVE-2021-38583
Description
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view= and data=).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- openBaraza/HCMdescription
- Range: <3.1.6
Patches
Vulnerability mechanics
References
2- sourceforge.net/projects/obhrms/nvdThird Party Advisory
- openbaraza.orgnvdProduct
News mentions
0No linked articles in our index yet.