Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icehrm vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-38823
The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser.
Icehrm Icehrm 30.0.0.os
6.1
CVSSv3
CVE-2023-6282
IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileupload_page.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payloa...
Icehrm Icehrm 23.0.0.os
5.4
CVSSv3
CVE-2021-38822
A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands.
Icehrm Icehrm 30.0.0.os
6.1
CVSSv3
CVE-2021-35046
A session fixation vulnerability exists in Ice Hrm 29.0.0 OS which allows an malicious user to hijack a valid user session via a crafted session cookie.
Icehrm Icehrm 29.0.0.os
8.8
CVSSv3
CVE-2021-34244
A cross site request forgery (CSRF) vulnerability exists in Ice Hrm 29.0.0.OS which allows malicious users to create new admin accounts or change users' passwords.
Icehrm Icehrm 29.0.0.os
NA
CVE-2022-265881
ICEHRM version 31.0.0.0S cross site request forgery exploit that demonstrates account deletion. This finding varies from the original finding of cross site request forgery in the same software from the same researcher.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2