CVE-2018-12234
23Vexday Risk Score
No sign of exploitation. It has a public proof of concept.
ssvc Attendepss 2.9%
from disclosure to weapon432 days
Published on NVDSep 6
1st PoC+432d
exploitation probability
2.9%top 14% of all CVEs
observed exploitation
nono source reports it
2 public exploit(s)
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parameter.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/155231/Adrenalin-Core-HCM-5.4.0-Cross-Site-Scripting.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47611unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/155231/Adrenalin-Core-HCM-5.4.0-Cross-Site-Scripting.htmlhttps://www.knowcybersec.com/2018/09/first-cve-2018-12234-reflected-XSS.htmlhttps://www.securethy.com/2018/09/first-cve-2018-12234-reflected-XSS.htmlhttps://www.thecysec.in/2020/04/xxs-adrenalin-generalinfo-cve-id.html