Lucene search
+L

78 matches found

CVE
CVE
added 2025/01/06 12:0 a.m.53 views

CVE-2024-46073

CVE-2024-46073 describes a reflected Cross‑Site Scripting (XSS) in IceHRM v32.4.0.OS login page. The root cause is improper sanitization of the user-controlled yet echoed “next” parameter, which is included in the response without proper escaping. This enables an attacker to lure a user to a craf...

6.1CVSS5.8AI score0.00374EPSS
Exploits0References2
NVD
NVD
added 2024/01/25 12:15 p.m.30 views

CVE-2023-6282

IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting XSS vulnerability via /icehrm/app/fileuploadpage.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially...

6.1CVSS5.5AI score0.00309EPSS
Exploits0References1
Prion
Prion
added 2024/01/25 12:15 p.m.20 views

Cross site scripting

IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting XSS vulnerability via /icehrm/app/fileuploadpage.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially...

5.8CVSS6AI score0.00309EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/25 11:37 a.m.13 views

CVE-2023-6282 Cross-Site Scripting vulnerability in IceHrm

IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting XSS vulnerability via /icehrm/app/fileuploadpage.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially...

5.4CVSS5.9AI score0.00309EPSS
Exploits0References1
CVE
CVE
added 2024/01/25 11:37 a.m.52 views

CVE-2023-6282

IceHrm 23.0.0.OS contains an XSS vulnerability in /icehrm/app/fileupload_page.php caused by insufficient encoding of user-controlled input across multiple parameters. An attacker could deliver a crafted JavaScript payload to partially hijack a victim’s browser. Exploitation details are not provid...

6.1CVSS5.9AI score0.00309EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/01/25 11:37 a.m.38 views

CVE-2023-6282 Cross-Site Scripting vulnerability in IceHrm

IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting XSS vulnerability via /icehrm/app/fileuploadpage.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially...

5.4CVSS6.1AI score0.00309EPSS
Exploits0References1
OSV
OSV
added 2024/01/25 11:37 a.m.12 views

CVE-2023-6282 Cross-Site Scripting vulnerability in IceHrm

IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting XSS vulnerability via /icehrm/app/fileuploadpage.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially...

5.4CVSS6.4AI score0.00309EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/01/25 12:0 a.m.4 views

IceHrm Cross-Site Scripting Vulnerability

IceHrm is a human resource management Hrm system. The system includes features such as employee management, vacation management, and payroll management. A cross-site scripting vulnerability exists in IceHrm version 23.0.0.OS, which stems from insufficiently coded user-controlled input that can le...

6.1CVSS6.2AI score0.00309EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/01/25 12:0 a.m.7 views

PT-2024-14924 · Ice Hrm · Ice Hrm

Name of the Vulnerable Software and Affected Versions: IceHrm version 23.0.0.OS Description: The issue arises from insufficient encoding of user-controlled input, leading to a Cross-Site Scripting XSS vulnerability. This vulnerability can be exploited via the /icehrm/app/fileupload page.php...

6.1CVSS5.9AI score0.00309EPSS
Exploits0References5
NVD
NVD
added 2022/04/08 9:15 p.m.24 views

CVE-2022-26588

A Cross-Site Request Forgery CSRF in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI...

6.5CVSS0.0057EPSS
Exploits4References2
ATTACKERKB
ATTACKERKB
added 2022/04/08 9:15 p.m.5 views

CVE-2022-26588

A Cross-Site Request Forgery CSRF in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI...

6.5CVSS6AI score0.0057EPSS
Exploits4References4
Prion
Prion
added 2022/04/08 9:15 p.m.16 views

Cross site request forgery (csrf)

A Cross-Site Request Forgery CSRF in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI...

4.3CVSS6.5AI score0.0057EPSS
Exploits4References2Affected Software1
CVE
CVE
added 2022/04/08 8:12 p.m.100 views

CVE-2022-26588

IceHrm 31.0.0.OS is affected by a CSRF vulnerability where the app/service.php endpoint lacks CSRF token validation. This allows an attacker to delete arbitrary users or achieve account takeover via the affected interface. Public sources (e.g., PacketStorm, Exploit-DB) describe an exploit path an...

6.5CVSS6.5AI score0.0057EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2022/04/08 8:12 p.m.34 views

CVE-2022-26588

A Cross-Site Request Forgery CSRF in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI...

6.8AI score0.0057EPSS
Exploits4References2
OSV
OSV
added 2022/04/08 8:12 p.m.15 views

CVE-2022-26588

A Cross-Site Request Forgery CSRF in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI...

6.5CVSS7.1AI score0.0057EPSS
Exploits4References4
0day.today
0day.today
added 2022/04/07 12:0 a.m.311 views

ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Deletion Vulnerability

Exploit Title: ICEHRM 31.0.0.0S - Cross-site Request Forgery CSRF to Account Deletion Exploit Author: Devansh Bordia Vendor Homepage: https://icehrm.com/ Software Link: https://github.com/gamonoid/icehrm/releases/tag/v31.0.0.OS Version: 31.0.0.OS Tested on: Windows 10 CVE: CVE-2022-26588 1. About...

6.5CVSS1.1AI score0.0057EPSS
Exploits4
CNNVD
CNNVD
added 2022/04/07 12:0 a.m.8 views

IceHrm 跨站请求伪造漏洞

IceHrm is a human resource management Hrm system. The system includes features such as employee management, leave management and payroll management. A security vulnerability exists in IceHrm version 31.0.0.0S, which stems from the lack of token validation in the software for cross-site request...

6.5CVSS6.3AI score0.0057EPSS
Exploits4References4
Packet Storm
Packet Storm
added 2022/04/07 12:0 a.m.328 views

ICEHRM 31.0.0.0S Cross Site Request Forgery

Exploit Title: ICEHRM 31.0.0.0S - Cross-site Request Forgery CSRF to Account Deletion Date: 29/03/2022 Exploit Author: Devansh Bordia Vendor Homepage: https://icehrm.com/ Software Link: https://github.com/gamonoid/icehrm/releases/tag/v31.0.0.OS Version: 31.0.0.OS Tested on: Windows 10 CVE:...

0.6AI score0.0057EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/04/07 12:0 a.m.299 views

ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Deletion

Exploit Title: ICEHRM 31.0.0.0S - Cross-site Request Forgery CSRF to Account Deletion Date: 29/03/2022 Exploit Author: Devansh Bordia Vendor Homepage: https://icehrm.com/ Software Link: https://github.com/gamonoid/icehrm/releases/tag/v31.0.0.OS Version: 31.0.0.OS Tested on: Windows 10 CVE:...

6.5CVSS6.5AI score0.0057EPSS
Exploits4
0day.today
0day.today
added 2022/03/22 12:0 a.m.226 views

ICEHRM 31.0.0.0S - Cross-site Request Forgery to Account Takeover Vulnerability

Exploit Title: ICEHRM 31.0.0.0S - Cross-site Request Forgery CSRF to Account Takeover Exploit Author: Devansh Bordia Vendor Homepage: https://icehrm.com/ Software Link: https://github.com/gamonoid/icehrm/releases/tag/v31.0.0.OS Version: 31.0.0.OS Tested on: Windows 10 1. About - ICEHRM IceHrm...

0.7AI score
Exploits0
Rows per page
Query Builder