### [CVE-2014-1224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1224)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 without "fixes from 2014-01-15" allows remote attackers to conduct cross-site scripting (XSS) attacks via the oninput event handler in the fname parameter to the default URI in /reg.

### POC

#### Reference
- http://seclists.org/fulldisclosure/2014/Mar/389
- https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-002/-rexx-recruitment-cross-site-scripting-in-user-registration

#### Github
No PoCs found on GitHub currently.