Vulnerabilities > Icehrm
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2021-06-22 | CVE-2021-35046 | Session Fixation vulnerability in Icehrm 29.0.0.Os | A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie. | 6.1 |
2020-07-10 | CVE-2020-6114 | SQL Injection vulnerability in Icehrm 26.6.0.Os | An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a). | 7.2 |
2020-02-18 | CVE-2020-9271 | Cross-Site Request Forgery (CSRF) vulnerability in Icehrm 26.2.0.Os | ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php. | 6.5 |
2020-02-18 | CVE-2020-9270 | Cross-Site Request Forgery (CSRF) vulnerability in Icehrm 26.2.0.Os | ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php. | 8.8 |
2018-06-14 | CVE-2018-12420 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Icehrm | IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request. | 7.5 |