DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-06 | CVE-2022-27107 | Cross-site Scripting vulnerability in Orangehrm 4.10: OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideo[linkAddress]" parameter. | 3.5 |
2022-04-06 | CVE-2022-27108 | Authorization Bypass Through User-Controlled Key vulnerability in Orangehrm 4.10: OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the endpoint `symfony/web/index.php/time/createTimesheet`. | 4.0 |
2022-04-06 | CVE-2022-27109 | Open Redirect vulnerability in Orangehrm 4.10: OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability. | 4.9 |
2022-04-06 | CVE-2022-27110 | Open Redirect vulnerability in Orangehrm 4.10: OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint. | 4.9 |