Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icehrm vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-12420
IceHrm prior to 23.0.1.OS has a risky usage of a hashed password in a request.
Icehrm Icehrm
3.5
CVSSv2
CVE-2021-34243
A stored cross site scripting (XSS) vulnerability exists in Ice Hrm 29.0.0.OS which allows malicious users to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the...
Icehrm Icehrm 29.0.0.os
3.5
CVSSv2
CVE-2022-25015
A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows malicious users to steal cookies via a crafted payload inserted into the First Name field.
Icehrm Icehrm 30.0.0.os
6.8
CVSSv2
CVE-2020-9270
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php.
Icehrm Icehrm 26.2.0.os
1 Github repository
4.3
CVSSv2
CVE-2020-9271
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php.
Icehrm Icehrm 26.2.0.os
1 Github repository
NA
CVE-2023-6282
IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileupload_page.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payloa...
Icehrm Icehrm 23.0.0.os
4.3
CVSSv2
CVE-2021-35045
Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows malicious users to execute arbitrary code via the parameters to the /app/ endpoint.
Icehrm Icehrm 29.0.0.os
5.8
CVSSv2
CVE-2021-35046
A session fixation vulnerability exists in Ice Hrm 29.0.0 OS which allows an malicious user to hijack a valid user session via a crafted session cookie.
Icehrm Icehrm 29.0.0.os
4.3
CVSSv2
CVE-2022-25013
Ice Hrm 30.0.0.OS exists to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php.
Icehrm Icehrm 30.0.0.os
4.3
CVSSv2
CVE-2022-25014
Ice Hrm 30.0.0.OS exists to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows malicious users to compromise session credentials via user interaction with a crafted link.
Icehrm Icehrm 30.0.0.os
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »