VYPR
Unrated severityNVD Advisory· Published Jan 25, 2024· Updated Oct 18, 2024

Cross-Site Scripting vulnerability in IceHrm

CVE-2023-6282

Description

IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileupload_page.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially hijacking the victim's browser.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • gamonoid/Icehrmllm-fuzzy
    Range: = 23.0.0.OS
  • IceHrm/IceHrmv5
    Range: 23.0.0.OS

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.