| Advisory | Severity | Date | Description | Affected versions |
|---|---|---|---|---|
| CVE-2018-12420 | High | Jun 14, 2018 | IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request. | 5.1, 4.2, 4.1, 4.0, 3.2, 3.0.1, v5.3, v5.0, v5.2, 3.0 |
| BDSA-2022-0822 | High | Mar 29, 2022 | IceHrm contains a cross-site request forgery (CSRF) vulnerability due to a lack of security measures or tokens. An attacker could exploit this vulnerability by sending a crafted link to another user to execute malicious actions on their behalf. | |
| BDSA-2021-4528 | High | Aug 02, 2022 | Ice Hrm is vulnerable to reflected cross-site scripting (XSS) due to the missing sanitization of the `m` parameter in the Dashboard of the current user. An attacker could insert malicious JavaScript in that parameter and have the code executed in other users' browsers once the parameter is displayed. This vulnerability could be used to steal session tokens or execute actions on other users' behalf. | |
| BDSA-2021-4527 | High | Aug 02, 2022 | Ice Hrm is vulnerable to reflected cross-site scripting (XSS) due to the missing sanitization of the `key` and `fm` parameters in the `login.php` component. An attacker could insert malicious JavaScript in those parameters and have the code executed in other users' browsers once the parameters are displayed. This vulnerability could be used to steal session tokens or execute actions on other users' behalf. | |
| BDSA-2021-4526 | High | Aug 02, 2022 | Ice Hrm is vulnerable to stored cross-site scripting (XSS) due to the missing sanitization of the users' First Name field. An attacker could insert malicious JavaScript as their first name and have the code executed in other users' browsers once they attempt to view the name. This vulnerability could be used to steal session tokens or execute actions on other users' behalf. | |
| BDSA-2020-1018 | High | May 07, 2020 | IceHrm contains a cross-site request forgery (CSRF) vulnerability in `app/service.php` due to a lack of security measures or CSRF tokens. An attacker could exploit this vulnerability by sending a crafted link or malicious web form to an admin user in order to add arbitrary users. | |
| BDSA-2020-1003 | High | May 07, 2020 | IceHrm contains a cross-site request forgery (CSRF) vulnerability in `app/service.php` due to a lack of CSRF tokens. An attacker could exploit this vulnerability by sending a crafted link or malicious web form to an admin user in order to execute arbitrary password changes. | |