Lucene search

Biometric Shift Employee Management System Security Vulnerabilities - November

cve

CVE-2017-17989

Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action.

5.4CVSS

5.2AI Score

0.001EPSS

2017-12-30 04:29 AM

cve

CVE-2017-17990

Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.

8.8CVSS

8.6AI Score

0.001EPSS

2017-12-30 04:29 AM

cve

CVE-2017-17991

Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request.

5.4CVSS

5.2AI Score

0.001EPSS

2017-12-30 04:29 AM

cve

CVE-2017-17992

Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.

9.8CVSS

9.3AI Score

0.005EPSS

2017-12-30 04:29 AM

cve

CVE-2017-17993

Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request.

5.4CVSS

5.2AI Score

0.001EPSS

2017-12-30 04:29 AM

cve

CVE-2017-17994

Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request.

5.4CVSS

5.2AI Score

0.001EPSS

2017-12-30 04:29 AM

cve

CVE-2017-17995

Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request.

5.4CVSS

5.2AI Score

0.001EPSS

2017-12-30 04:29 AM