7 matches found
CVE-2017-17993
Biometric Shift Employee Management System is affected by a cross-site scripting (XSS) vulnerability exposed via the amount parameter in the index.php?user=addition_deduction request. NVD records show XSS with CVSS v2 base score 3.5 (LOW) and a CVSS v3 base score of 5.4 (MEDIUM); attack vector is...
CVE-2017-17990
Biometric Shift Employee Management System is affected by a CSRF vulnerability in the edit_holiday action controlled by index.php. The issue originates fromCross-Site Request Forgery via the edit_holiday operation, enabling unauthorized requests to potentially change holiday data. The CVE entry c...
CVE-2017-17992
Biometric Shift Employee Management System is affected by CVE-2017-17992 due to a directory traversal vulnerability in the download_form action. The root cause is lack of validation in the index.php form_file_name parameter, enabling arbitrary file download. Public records note network exposure w...
CVE-2017-17994
Biometric Shift Employee Management System has an XSS vulnerability in the criteria parameter accessible via index.php?user=competency_criteria. The issue is a cross-site scripting flaw described in CNVD-2018-01396 and corroborated by related records, allowing injected scripts to be executed in a...
CVE-2017-17995
Biometric Shift Employee Management System is affected by a stored/reflected XSS via the Last_Name parameter in the index.php?user=ajax request. The issue, reported across multiple sources (NVD/CNVD/CVELIST, etc.), is caused by improper sanitization of user-supplied input leading to script inject...
CVE-2017-17989
The vulnerability described for CVE-2017-17989 affects the Biometric Shift Employee Management System. The issue is a Cross-Site Scripting (XSS) flaw that can be triggered via the index.php holiday_name parameter in the edit_holiday action. According to the available data, this is the scope, with...
CVE-2017-17991
CVE-2017-17991 affects Biometric Shift Employee Management System, with a stored/reflected XSS in the expense_name parameter of the index.php?user=expenses request. Documents confirm XSS vulnerability but do not provide exploit details, affected versions, or remediation steps.