Icehrm >> Icehrm >> 29.0.0.os Security Vulnerabilities
A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2021-06-22
A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2021-06-22
A cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS allows attackers to execute arbitrary code via the parameters to the /app/ endpoint.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2021-06-22
A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-06-22



Shodan ® - All rights reserved