VYPR

ICE Hrm

by ICE Hrm

CVEs (7)

  • CVE-2021-34244HigJun 22, 2021
    risk 0.57cvss 8.8epss 0.01

    A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords.

  • CVE-2020-9270HigFeb 18, 2020
    risk 0.57cvss 8.8epss 0.01

    ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php.

  • CVE-2020-9271MedFeb 18, 2020
    risk 0.42cvss 6.5epss 0.00

    ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php.

  • CVE-2021-35046MedJun 22, 2021
    risk 0.40cvss 6.1epss 0.01

    A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie.

  • CVE-2021-35045MedJun 22, 2021
    risk 0.40cvss 6.1epss 0.01

    Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows attackers to execute arbitrary code via the parameters to the /app/ endpoint.

  • CVE-2022-25015MedFeb 28, 2022
    risk 0.35cvss 5.4epss 0.01

    A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field.

  • CVE-2021-34243MedJun 22, 2021
    risk 0.35cvss 5.4epss 0.01

    A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of…