Vulnerabilities > Icehrm

DATE CVE VULNERABILITY TITLE RISK
2024-01-25 CVE-2023-6282 Cross-site Scripting vulnerability in Icehrm 23.0.0.Os
IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileupload_page.php, in multiple parameters.
network
low complexity
icehrm CWE-79
6.1
2022-04-08 CVE-2022-26588 Cross-Site Request Forgery (CSRF) vulnerability in Icehrm 31.0.0.Os
A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI.
network
low complexity
icehrm CWE-352
6.5
2022-02-28 CVE-2022-25013 Cross-site Scripting vulnerability in Icehrm 30.0.0.Os
Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php.
network
low complexity
icehrm CWE-79
6.1
2022-02-28 CVE-2022-25014 Cross-site Scripting vulnerability in Icehrm 30.0.0.Os
Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user.
network
low complexity
icehrm CWE-79
6.1
2022-02-28 CVE-2022-25015 Cross-site Scripting vulnerability in Icehrm 30.0.0.Os
A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field.
network
low complexity
icehrm CWE-79
5.4
2021-10-04 CVE-2021-38822 Cross-site Scripting vulnerability in Icehrm 30.0.0.Os
A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands.
network
low complexity
icehrm CWE-79
5.4
2021-10-04 CVE-2021-38823 Insufficient Session Expiration vulnerability in Icehrm 30.0.0.Os
The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue.
network
low complexity
icehrm CWE-613
critical
9.8
2021-06-22 CVE-2021-34243 Cross-site Scripting vulnerability in Icehrm 29.0.0.Os
A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab.
network
low complexity
icehrm CWE-79
5.4
2021-06-22 CVE-2021-34244 Cross-Site Request Forgery (CSRF) vulnerability in Icehrm 29.0.0.Os
A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords.
network
low complexity
icehrm CWE-352
8.8
2021-06-22 CVE-2021-35045 Cross-site Scripting vulnerability in Icehrm 29.0.0.Os
Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows attackers to execute arbitrary code via the parameters to the /app/ endpoint.
network
low complexity
icehrm CWE-79
6.1