CVE-2015-1035 - Vulnerability in HRIS software (HRMS product) - Reflective XSS

You can report incidents via our official contact including e-mail, phone or use the Anonymous reporting form.


CIRCL is accredited TI CIRCL is a FIRST member CIRCL is an OASIS member

Reflective Cross Site Scripting in HRIS software (HRMS product)

A vulnerability in the HRIS software (HRMS product) leads to a reflective cross site scripting.

Details about vulnerability

There is an improper neutralization of input during web page generation in the F_NavForm parameter.

Version vulnerable

Versions belows 4.17 are vulnerable. This vulnerability is fixed in version 4.17.


We are not aware of any fixes. The vendor was contacted the 9th January 2015 for more information.




CIRCL would like to thank the reporter.

Classification of this document

TLP:WHITE information may be distributed without restriction, subject to copyright controls.


  • Version 1.0 - TLP:WHITE - First version (20150629)