DATE | CVE | VULNERABILITY TITLE | RISK

2021-06-22 | CVE-2021-34243 | Cross-site Scripting vulnerability in Icehrm 29.0.0.Os | 3.5
A stored cross-site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab.
network | icehrm | CWE-79

2021-06-22 | CVE-2021-34244 | Cross-Site Request Forgery (CSRF) vulnerability in Icehrm 29.0.0.Os | 6.8
A cross-site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords.
network | icehrm | CWE-352

2021-06-22 | CVE-2021-35045 | Cross-site Scripting vulnerability in Icehrm 29.0.0.Os | 6.1
A cross-site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS allows attackers to execute arbitrary code via the parameters to the /app/ endpoint.
network | low complexity | icehrm | CWE-79

2021-06-22 | CVE-2021-35046 | Session Fixation vulnerability in Icehrm 29.0.0.Os | 6.1
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie.
network | low complexity | icehrm | CWE-384