10 matches found
CVE-2022-27110
OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint...
EUVD-2022-31646
Malicious code in bioql PyPI...
CVE-2022-27110
OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint...
CVE-2022-27109
OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability...
CVE-2022-27108
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...
Design/Logic Flaw
OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint...
Design/Logic Flaw
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...
CVE-2022-27109
OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability...
CVE-2022-27109
CVE-2022-27109 affects OrangeHRM 4.10. The issue is a Referer header injection that enables redirect vulnerabilities. The connected Red Hat/CNVD entries reiterate the same description. The documents do not provide details on affected subcomponents, exact exploit steps, scope, or a remediation pat...
CVE-2022-27107
OrangeHRM 4.10 contains a Stored XSS vulnerability in the 3Share Video3 feature under OrangeBuzz, exploitable via the GET/POST parameter createVideo[linkAddress]. The CVE notes this can allow JavaScript execution in the context of an affected user. CVSS metrics report MEDIUM severity (3.1) wi...