Icehrm Security Vulnerabilities
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-06-22
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a). A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS Score: 6.6 | EPSS Score: 0.018 | Published: 2020-07-10
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2020-02-18
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2020-02-18
IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2018-06-14

