Medium severity6.1NVD Advisory· Published Aug 13, 2021· Updated Jun 17, 2026
CVE-2021-38619
CVE-2021-38619
Description
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view=).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- openBaraza/HCMdescription
- Range: <3.1.6
Patches
Vulnerability mechanics
References
2- sourceforge.net/projects/obhrms/nvdThird Party Advisory
- openbaraza.orgnvdProduct
News mentions
0No linked articles in our index yet.