1830 matches found
Design/Logic Flaw
Biometric Shift Employee Management System has XSS via the index.php holidayname parameter in an editholiday action...
CVE-2017-17990
Biometric Shift Employee Management System has CSRF via index.php in an editholiday action...
CVE-2017-17990
Biometric Shift Employee Management System has CSRF via index.php in an editholiday action...
CVE-2017-17993
Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=additiondeduction request...
CVE-2017-17994
Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competencycriteria request...
CVE-2017-17992
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php formfilename parameter in a downloadform action...
CVE-2017-17994
Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competencycriteria request...
Cross-site request forgery (CSRF)
Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=additiondeduction request...
CVE-2017-17989
Biometric Shift Employee Management System has XSS via the index.php holidayname parameter in an editholiday action...
Directory traversal
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php formfilename parameter in a downloadform action...
CVE-2017-17992
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php formfilename parameter in a downloadform action...
Server-side request forgery (SSRF)
Biometric Shift Employee Management System has XSS via the LastName parameter in an index.php?user=ajax request...
CVE-2017-17991
Biometric Shift Employee Management System has XSS via the expensename parameter in an index.php?user=expenses request...
CVE-2017-17993
Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=additiondeduction request...
CVE-2017-17995
Biometric Shift Employee Management System has XSS via the LastName parameter in an index.php?user=ajax request...
CVE-2017-17992
Biometric Shift Employee Management System is affected by CVE-2017-17992 due to a directory traversal vulnerability in the download_form action. The root cause is lack of validation in the index.php form_file_name parameter, enabling arbitrary file download. Public records note network exposure w...
CVE-2017-17989
Biometric Shift Employee Management System has XSS via the index.php holidayname parameter in an editholiday action...
CVE-2017-17989
The vulnerability described for CVE-2017-17989 affects the Biometric Shift Employee Management System. The issue is a Cross-Site Scripting (XSS) flaw that can be triggered via the index.php holiday_name parameter in the edit_holiday action. According to the available data, this is the scope, with...
CVE-2017-17994
Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competencycriteria request...
CVE-2017-17994
Biometric Shift Employee Management System has an XSS vulnerability in the criteria parameter accessible via index.php?user=competency_criteria. The issue is a cross-site scripting flaw described in CNVD-2018-01396 and corroborated by related records, allowing injected scripts to be executed in a...