Vulnerabilities > Icehrm > Icehrm > 29.0.0.os
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-22 | CVE-2021-34243 | Cross-site Scripting vulnerability in Icehrm 29.0.0.Os A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. | 3.5 |
2021-06-22 | CVE-2021-34244 | Cross-Site Request Forgery (CSRF) vulnerability in Icehrm 29.0.0.Os A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords. | 6.8 |
2021-06-22 | CVE-2021-35045 | Cross-site Scripting vulnerability in Icehrm 29.0.0.Os Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows attackers to execute arbitrary code via the parameters to the /app/ endpoint. | 6.1 |
2021-06-22 | CVE-2021-35046 | Session Fixation vulnerability in Icehrm 29.0.0.Os A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie. | 6.1 |