25 matches found
CVE-2020-9270
CVE-2020-9270 affects Ice Hrm 26.2.0, where a Cross-Site Request Forgery (CSRF) vulnerability enables a password reset via the service.php endpoint. The available connected records confirm IceHrm 26.2.0 is the affected version and describe the flaw as CSRF leading to unintended password resets; n...
CVE-2020-9271
ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php...
CVE-2020-9271
Ice Hrm 26.2.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that can lead to user creation via service.php. The issue is documented across multiple sources (NVD, Red Hat, CNVD, OSV, etc.) with consistent description: unauthenticated CSRF could cause a legitimate user action to...
CVE-2014-3542
Moodle’s mod/lti/service.php in versions up to 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 is affected by an XML External Entity (XXE) issue. The vulnerability allows remote attackers to read arbitrary files via an XML entity declaration combined wi...
Unfixed XSS vulnerability at www.totalwellbeing.ie
Security researcher BackDoor submitted on 30/05/2008 a cross-site scripting (XSS) vulnerability affecting www.totalwellbeing.ie, which at the time of submission ranked 3775740 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/06/2008. It is...