Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:49 a.m.5 views

CVE-2022-27110

OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint...

5.4CVSS7.3AI score0.00456EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-31646

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00479EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/04/06 3:15 p.m.2 views

CVE-2022-27110

OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint...

5.4CVSS5.9AI score0.00456EPSS
Exploits1References2
NVD
NVD
added 2022/04/06 3:15 p.m.9 views

CVE-2022-27109

OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability...

5.4CVSS0.00456EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/04/06 3:15 p.m.2 views

CVE-2022-27108

OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...

4.3CVSS5.9AI score0.00579EPSS
Exploits1References2
Prion
Prion
added 2022/04/06 3:15 p.m.20 views

Design/Logic Flaw

OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint...

4.9CVSS5.7AI score0.00456EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/04/06 3:15 p.m.15 views

Design/Logic Flaw

OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference IDOR via the end point symfony/web/index.php/time/createTimesheet. Any user can create a timesheet in another user's account...

4CVSS4.6AI score0.00579EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/04/06 2:42 p.m.14 views

CVE-2022-27109

OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability...

6AI score0.00456EPSS
Exploits1References1
CVE
CVE
added 2022/04/06 2:42 p.m.95 views

CVE-2022-27109

CVE-2022-27109 affects OrangeHRM 4.10. The issue is a Referer header injection that enables redirect vulnerabilities. The connected Red Hat/CNVD entries reiterate the same description. The documents do not provide details on affected subcomponents, exact exploit steps, scope, or a remediation pat...

5.4CVSS5.6AI score0.00456EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/04/06 2:39 p.m.90 views

CVE-2022-27107

OrangeHRM 4.10 contains a Stored XSS vulnerability in the 3Share Video3 feature under OrangeBuzz, exploitable via the GET/POST parameter createVideo[linkAddress]. The CVE notes this can allow JavaScript execution in the context of an affected user. CVSS metrics report MEDIUM severity (3.1) wi...

5.4CVSS5.1AI score0.00479EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder