Vulnerabilities > Icehrm > Icehrm > 30.0.0.os
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-28 | CVE-2022-25013 | Cross-site Scripting vulnerability in Icehrm 30.0.0.Os Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php. | 4.3 |
| 2022-02-28 | CVE-2022-25014 | Cross-site Scripting vulnerability in Icehrm 30.0.0.Os Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user. | 4.3 |
| 2022-02-28 | CVE-2022-25015 | Cross-site Scripting vulnerability in Icehrm 30.0.0.Os A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field. | 3.5 |
| 2021-10-04 | CVE-2021-38822 | Cross-site Scripting vulnerability in Icehrm 30.0.0.Os A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands. | 3.5 |
| 2021-10-04 | CVE-2021-38823 | Insufficient Session Expiration vulnerability in Icehrm 30.0.0.Os The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. | 7.5 |