VYPR

Icehrm

by gamonoid

Source repositories

CVEs (7)

  • CVE-2024-46073MedJan 6, 2025
    risk 0.40cvss 6.1epss 0.00

    A reflected Cross-Site Scripting (XSS) vulnerability exists in the login page of IceHRM v32.4.0.OS. The vulnerability is due to improper sanitization of the "next" parameter, which is included in the application's response without adequate escaping. An attacker can exploit this…

  • CVE-2023-6282Jan 25, 2024
    risk 0.00cvss epss 0.00

    IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileupload_page.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript…

  • CVE-2022-26588Apr 8, 2022
    risk 0.00cvss epss 0.01

    A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI.

  • CVE-2022-25013Feb 28, 2022
    risk 0.00cvss epss 0.01

    Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php.

  • CVE-2021-38823Oct 4, 2021
    risk 0.00cvss epss 0.01

    The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser.

  • CVE-2020-6114Jul 10, 2020
    risk 0.00cvss epss 0.02

    An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to…

  • CVE-2018-12420HigJun 14, 2018
    risk 0.00cvss 7.5epss 0.01

    IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request.