Vulnerabilities > Icehrm > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-25 CVE-2023-6282 Cross-site Scripting vulnerability in Icehrm 23.0.0.Os
IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileupload_page.php, in multiple parameters.
network
low complexity
icehrm CWE-79
6.1
6.1
2022-04-08 CVE-2022-26588 Cross-Site Request Forgery (CSRF) vulnerability in Icehrm 31.0.0.Os
A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI.
network
low complexity
icehrm CWE-352
6.5
6.5
2022-02-28 CVE-2022-25013 Cross-site Scripting vulnerability in Icehrm 30.0.0.Os
Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php.
network
icehrm CWE-79
4.3
4.3
2022-02-28 CVE-2022-25014 Cross-site Scripting vulnerability in Icehrm 30.0.0.Os
Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user.
network
icehrm CWE-79
4.3
4.3
2021-06-22 CVE-2021-34244 Cross-Site Request Forgery (CSRF) vulnerability in Icehrm 29.0.0.Os
A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords.
network
icehrm CWE-352
6.8
6.8
2021-06-22 CVE-2021-35045 Cross-site Scripting vulnerability in Icehrm 29.0.0.Os
Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows attackers to execute arbitrary code via the parameters to the /app/ endpoint.
network
low complexity
icehrm CWE-79
6.1
6.1
2021-06-22 CVE-2021-35046 Session Fixation vulnerability in Icehrm 29.0.0.Os
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie.
network
low complexity
icehrm CWE-384
6.1
6.1
2020-07-10 CVE-2020-6114 SQL Injection vulnerability in Icehrm 26.6.0.Os
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) .
network
low complexity
icehrm CWE-89
6.5
6.5
2020-02-18 CVE-2020-9271 Cross-Site Request Forgery (CSRF) vulnerability in Icehrm 26.2.0.Os
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php.
network
icehrm CWE-352
4.3
4.3
2020-02-18 CVE-2020-9270 Cross-Site Request Forgery (CSRF) vulnerability in Icehrm 26.2.0.Os
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php.
network
icehrm CWE-352
6.8
6.8