Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icehrm icehrm vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-12420
IceHrm prior to 23.0.1.OS has a risky usage of a hashed password in a request.
Icehrm Icehrm
6.5
CVSSv3
CVE-2022-26588
A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows malicious users to delete arbitrary users or achieve account takeover via the app/service.php URI.
Icehrm Icehrm 31.0.0.os
6.1
CVSSv3
CVE-2022-25014
Ice Hrm 30.0.0.OS exists to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows malicious users to compromise session credentials via user interaction with a crafted link.
Icehrm Icehrm 30.0.0.os
6.1
CVSSv3
CVE-2023-6282
IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileupload_page.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payloa...
Icehrm Icehrm 23.0.0.os
7.2
CVSSv3
CVE-2020-6114
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to tr...
Icehrm Icehrm 26.6.0.os
5.4
CVSSv3
CVE-2021-38822
A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands.
Icehrm Icehrm 30.0.0.os
6.1
CVSSv3
CVE-2022-25013
Ice Hrm 30.0.0.OS exists to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php.
Icehrm Icehrm 30.0.0.os
5.4
CVSSv3
CVE-2022-25015
A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows malicious users to steal cookies via a crafted payload inserted into the First Name field.
Icehrm Icehrm 30.0.0.os
6.1
CVSSv3
CVE-2021-35045
Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows malicious users to execute arbitrary code via the parameters to the /app/ endpoint.
Icehrm Icehrm 29.0.0.os
6.1
CVSSv3
CVE-2021-35046
A session fixation vulnerability exists in Ice Hrm 29.0.0 OS which allows an malicious user to hijack a valid user session via a crafted session cookie.
Icehrm Icehrm 29.0.0.os
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »