Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icehrm vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-12420
IceHrm prior to 23.0.1.OS has a risky usage of a hashed password in a request.
Icehrm Icehrm
4.3
CVSSv2
CVE-2022-26588
A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows malicious users to delete arbitrary users or achieve account takeover via the app/service.php URI.
Icehrm Icehrm 31.0.0.os
3.5
CVSSv2
CVE-2021-34243
A stored cross site scripting (XSS) vulnerability exists in Ice Hrm 29.0.0.OS which allows malicious users to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the...
Icehrm Icehrm 29.0.0.os
6.8
CVSSv2
CVE-2021-34244
A cross site request forgery (CSRF) vulnerability exists in Ice Hrm 29.0.0.OS which allows malicious users to create new admin accounts or change users' passwords.
Icehrm Icehrm 29.0.0.os
6.5
CVSSv2
CVE-2020-6114
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to tr...
Icehrm Icehrm 26.6.0.os
6.8
CVSSv2
CVE-2020-9270
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php.
Icehrm Icehrm 26.2.0.os
1 Github repository
4.3
CVSSv2
CVE-2020-9271
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php.
Icehrm Icehrm 26.2.0.os
1 Github repository
4.3
CVSSv2
CVE-2022-25013
Ice Hrm 30.0.0.OS exists to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php.
Icehrm Icehrm 30.0.0.os
3.5
CVSSv2
CVE-2021-38822
A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands.
Icehrm Icehrm 30.0.0.os
7.5
CVSSv2
CVE-2021-38823
The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser.
Icehrm Icehrm 30.0.0.os
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987
buffer overflow
CVE-2024-28890
CVE-2024-27574
CVE-2024-27347
CVE-2024-31450
privilege
SSTI
CVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »