Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icehrm icehrm vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2021-34243
A stored cross site scripting (XSS) vulnerability exists in Ice Hrm 29.0.0.OS which allows malicious users to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the...
Icehrm Icehrm 29.0.0.os
6.8
CVSSv2
CVE-2021-34244
A cross site request forgery (CSRF) vulnerability exists in Ice Hrm 29.0.0.OS which allows malicious users to create new admin accounts or change users' passwords.
Icehrm Icehrm 29.0.0.os
4.3
CVSSv2
CVE-2022-25014
Ice Hrm 30.0.0.OS exists to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows malicious users to compromise session credentials via user interaction with a crafted link.
Icehrm Icehrm 30.0.0.os
4.3
CVSSv2
CVE-2022-25013
Ice Hrm 30.0.0.OS exists to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php.
Icehrm Icehrm 30.0.0.os
3.5
CVSSv2
CVE-2022-25015
A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows malicious users to steal cookies via a crafted payload inserted into the First Name field.
Icehrm Icehrm 30.0.0.os
NA
CVE-2022-265881
ICEHRM version 31.0.0.0S cross site request forgery exploit that demonstrates account deletion. This finding varies from the original finding of cross site request forgery in the same software from the same researcher.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2