RSS   Podatności dla 'Icehrm'   RSS

2022-04-08
 
CVE-2022-26588

CWE-352
 

 
A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI.

 
2021-10-04
 
CVE-2021-38822

CWE-79
 

 
A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands.

 
 
CVE-2021-38823

CWE-613
 

 
The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser.

 
2021-06-22
 
CVE-2021-34243

CWE-79
 

 
A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file.

 
 
CVE-2021-34244

CWE-352
 

 
A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords.

 
 
CVE-2021-35045

CWE-79
 

 
Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows attackers to execute arbitrary code via the parameters to the /app/ endpoint.

 
 
CVE-2021-35046

CWE-384
 

 
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie.

 
2020-07-10
 
CVE-2020-6114

CWE-89
 

 
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.

 
2020-02-18
 
CVE-2020-9271

CWE-352
 

 
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php.

 
 
CVE-2020-9270

CWE-352
 

 
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top