Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Learningdigital Subscribe
Filtered by product Orca Hcm

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-35968 1 Learningdigital 1 Orca Hcm 2021-07-29 4.0 MEDIUM 4.3 MEDIUM
The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory thru Path Traversal with users’ privileges.
CVE-2021-35967 1 Learningdigital 1 Orca Hcm 2021-07-29 5.0 MEDIUM 5.3 MEDIUM
The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in.
CVE-2021-35966 1 Learningdigital 1 Orca Hcm 2021-07-28 5.8 MEDIUM 6.1 MEDIUM
The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks.