Vulnerabilities > Icehrm

DATE CVE VULNERABILITY TITLE RISK
2021-06-22 CVE-2021-35046 Session Fixation vulnerability in Icehrm 29.0.0.Os
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie.
network
low complexity
icehrm CWE-384
6.1
2020-07-10 CVE-2020-6114 SQL Injection vulnerability in Icehrm 26.6.0.Os
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a).
network
low complexity
icehrm CWE-89
6.5
2020-02-18 CVE-2020-9271 Cross-Site Request Forgery (CSRF) vulnerability in Icehrm 26.2.0.Os
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php.
network
icehrm CWE-352
4.3
2020-02-18 CVE-2020-9270 Cross-Site Request Forgery (CSRF) vulnerability in Icehrm 26.2.0.Os
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php.
network
icehrm CWE-352
6.8
2018-06-14 CVE-2018-12420 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Icehrm
IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request.
network
low complexity
icehrm CWE-327
5.0