Icehrm

Icehrm

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2024-46073

  • EPSS 0.36%
  • Veröffentlicht 06.01.2025 18:15:19
  • Zuletzt bearbeitet 06.01.2025 20:15:34

A reflected Cross-Site Scripting (XSS) vulnerability exists in the login page of IceHRM v32.4.0.OS. The vulnerability is due to improper sanitization of the "next" parameter, which is included in the application's response without adequate escaping. ...

6.1

CVE-2023-6282

  • EPSS 0.08%
  • Veröffentlicht 25.01.2024 12:15:45
  • Zuletzt bearbeitet 21.11.2024 08:43:31

IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileupload_page.php, in multiple parameters. An attacker could exploit this vulnerability by sending a speci...

6.5

CVE-2022-26588

Exploit
  • EPSS 0.16%
  • Veröffentlicht 08.04.2022 21:15:08
  • Zuletzt bearbeitet 21.11.2024 06:54:10

A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI.

6.1

CVE-2022-25013

Exploit
  • EPSS 0.24%
  • Veröffentlicht 28.02.2022 19:15:12
  • Zuletzt bearbeitet 21.11.2024 06:51:32

Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php.

6.1

CVE-2022-25014

Exploit
  • EPSS 0.24%
  • Veröffentlicht 28.02.2022 19:15:12
  • Zuletzt bearbeitet 21.11.2024 06:51:32

Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise session credentials via user interaction wi...

5.4

CVE-2022-25015

Exploit
  • EPSS 0.21%
  • Veröffentlicht 28.02.2022 19:15:12
  • Zuletzt bearbeitet 21.11.2024 06:51:32

A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field.

5.4

CVE-2021-38822

Exploit
  • EPSS 0.34%
  • Veröffentlicht 04.10.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 06:18:04

A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands.

9.8

CVE-2021-38823

Exploit
  • EPSS 0.38%
  • Veröffentlicht 04.10.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 06:18:04

The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser.

5.4

CVE-2021-34243

Exploit
  • EPSS 0.19%
  • Veröffentlicht 22.06.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 06:10:03

A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user v...

8.8

CVE-2021-34244

Exploit
  • EPSS 0.14%
  • Veröffentlicht 22.06.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 06:10:03

A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords.