CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting XSS vulnerabilities via the "key" and "fm" parameters in the component login.php...

6.1CVSS6.3AI score0.00328EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 12:3 a.m.•5 views

CVE-2022-25015

A stored cross-site scripting XSS vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field...

5.4CVSS5.4AI score0.00209EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 12:3 a.m.•6 views

CVE-2022-25014

Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting XSS vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise session credentials via user interaction with a crafted link...

6.1CVSS6AI score0.00328EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 7:53 p.m.•9 views

CVE-2021-35046

A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie...

6.1CVSS6.7AI score0.002EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 7:53 p.m.•5 views

CVE-2021-35045

Cross site scripting XSS vulnerability in Ice Hrm 29.0.0.OS, allows attackers to execute arbitrary code via the parameters to the /app/ endpoint...

6.1CVSS6.4AI score0.00396EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 7:50 p.m.•4 views

CVE-2021-34243

A stored cross site scripting XSS vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file...

5.4CVSS5.6AI score0.00185EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 7:50 p.m.•5 views

CVE-2021-34244

A cross site request forgery CSRF vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords...

8.8CVSS6.7AI score0.00141EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 3:43 p.m.•8 views

CVE-2020-9270

ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php...

8.8CVSS7.1AI score0.00177EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 3:43 p.m.•5 views

CVE-2020-9271

ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php...

6.5CVSS6.9AI score0.00161EPSS

Exploits1References1

CNVD•added 2022/03/02 12:0 a.m.•16 views

Ice Hrm Cross-Site Scripting Vulnerability (CNVD-2022-67480)

Ice Hrm is a human resource management system, and a cross-site scripting vulnerability exists in Ice Hrm version 30.0.0.OS. The vulnerability stems from the inability of the IceHRM website to effectively filter html tags in user input, which could be exploited by a logged-in attacker to steal...

5.4CVSS2.1AI score0.00209EPSS

Exploits1References1

CNVD•added 2022/03/02 12:0 a.m.•16 views

Ice Hrm Cross-Site Scripting Vulnerability (CNVD-2022-67479)

Ice Hrm is a human resource management system. Ice Hrm version 30.0.0.OS is vulnerable to a cross-site scripting vulnerability caused by a lack of data validation filtering of user-supplied and output data in the "m" parameter of the user dashboard. An attacker could exploit this vulnerability to...

6.1CVSS2.6AI score0.00328EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by