Icehrm: >> Icehrm >> 30.0.0.os Security Vulnerabilities
Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-02-28
Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise session credentials via user interaction with a crafted link.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-02-28
A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-02-28
A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-10-04
The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-10-04