MintHCM
by MintHCM
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-25839 | Cri | 0.64 | 9.8 | 0.01 | Apr 26, 2021 | A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing. | ||
| CVE-2024-36656 | Med | 0.40 | 6.1 | 0.00 | Jun 14, 2024 | In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript code and achieve a reflected Cross-site Scripting (XSS) attack. | ||
| CVE-2021-25838 | Med | 0.40 | 6.1 | 0.01 | Apr 26, 2021 | The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file-upload. |
- risk 0.64cvss 9.8epss 0.01
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing.
- risk 0.40cvss 6.1epss 0.00
In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript code and achieve a reflected Cross-site Scripting (XSS) attack.
- risk 0.40cvss 6.1epss 0.01
The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file-upload.