Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
orangehrm orangehrm 4.10 vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2022-27108
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony/web/index.php/time/createTimesheet`. Any user can create a timesheet in another user's account.
Orangehrm Orangehrm 4.10
3.5
CVSSv2
CVE-2022-27107
OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideo[linkAddress]" parameter
Orangehrm Orangehrm 4.10
4.9
CVSSv2
CVE-2022-27110
OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint.
Orangehrm Orangehrm 4.10
4.9
CVSSv2
CVE-2022-27109
OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability.
Orangehrm Orangehrm 4.10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started