Filtered by vendor Icehrm
Subscribe
Search
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38822 | 1 Icehrm | 1 Icehrm | 2021-10-08 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands. | |||||
| CVE-2021-35046 | 1 Icehrm | 1 Icehrm | 2021-06-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie. | |||||
| CVE-2021-34243 | 1 Icehrm | 1 Icehrm | 2021-06-25 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file. | |||||
| CVE-2021-35045 | 1 Icehrm | 1 Icehrm | 2021-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows attackers to execute arbitrary code via the parameters to the /app/ endpoint. | |||||
| CVE-2020-9271 | 1 Icehrm | 1 Icehrm | 2020-02-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php. | |||||