
6 matches found

RedhatCVE
added 2026/01/09 10:43 a.m., 7 views

CVE-2022-26588

A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI...

CVSS 6.5 | AI score 7.1 | EPSS 0.0057
Exploits: 4 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-25260

Malware in sbrugna...

CVSS 9.8 | AI score 9.4 | EPSS 0.01457
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/22 9:26 p.m., 7 views

CVE-2021-38823

The IceHrm 30.0.0 OS website was found vulnerable to a session management issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser...

CVSS 9.8 | AI score 6.8 | EPSS 0.01457
Exploits: 1 | References: 1

NVD
added 2025/01/06 6:15 p.m., 7 views

CVE-2024-46073

A reflected Cross-Site Scripting (XSS) vulnerability exists in the login page of IceHRM v32.4.0.OS. The vulnerability is due to improper sanitization of the "next" parameter, which is included in the application's response without adequate escaping. An attacker can exploit this flaw by tricking a...

CVSS 6.1 | EPSS 0.00368
Exploits: 0 | References: 2

CVE
added 2025/01/06 12:0 a.m., 51 views

CVE-2024-46073

CVE-2024-46073 describes a reflected Cross-Site Scripting (XSS) in the IceHRM v32.4.0.OS login page. The root cause is improper sanitization of the user-controlled yet echoed "next" parameter, which is included in the response without proper escaping. This enables an attacker to lure a user to a craf...

CVSS 6.1 | AI score 5.8 | EPSS 0.00368
Exploits: 0 | References: 2

CNVD
added 2021/10/09 12:0 a.m., 7 views

IceHrm Session Management Vulnerability

IceHrm is a human resource management (HRM) system. The system includes features such as employee management, leave management and payroll management. A security vulnerability exists in IceHrm 30.0.0 OS, which stems from the fact that logging out from an administrator account does not invalidate an...

CVSS 9.8 | AI score 6.8 | EPSS 0.01457
Exploits: 1 | References: 1