Vulnerabilities > Iwcnetwork
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-30 | CVE-2017-17995 | Cross-site Scripting vulnerability in Iwcnetwork Biometric Shift Employee Management System 4.0 Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. | 3.5 |
| 2017-12-30 | CVE-2017-17994 | Cross-site Scripting vulnerability in Iwcnetwork Biometric Shift Employee Management System 4.0 Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. | 3.5 |
| 2017-12-30 | CVE-2017-17993 | Cross-site Scripting vulnerability in Iwcnetwork Biometric Shift Employee Management System 4.0 Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request. | 3.5 |
| 2017-12-30 | CVE-2017-17992 | Path Traversal vulnerability in Iwcnetwork Biometric Shift Employee Management System 4.0 Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. | 5.0 |
| 2017-12-30 | CVE-2017-17991 | Cross-site Scripting vulnerability in Iwcnetwork Biometric Shift Employee Management System 4.0 Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. | 3.5 |
| 2017-12-30 | CVE-2017-17990 | Cross-Site Request Forgery (CSRF) vulnerability in Iwcnetwork Biometric Shift Employee Management System 4.0 Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. | 6.8 |
| 2017-12-30 | CVE-2017-17989 | Cross-site Scripting vulnerability in Iwcnetwork Biometric Shift Employee Management System 4.0 Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. | 3.5 |
| 2017-12-27 | CVE-2017-17876 | Permission Issues vulnerability in Iwcnetwork Shift 3.0 Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter. | 5.0 |