gamonoid/icehrm

gamonoid/icehrm

Releases35

Frequency3 months 3 weeks

Last Release 3 months ago

Stars710

Manage your employees easily with a robust and efficient Human Resource Management System

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-25013 ↗	Feb 28, 2022Monday, 28 February 2022, 19:15	6.1 MEDIUM	4.3 MEDIUM
Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php.
CVE-2022-25014 ↗	Feb 28, 2022Monday, 28 February 2022, 19:15	6.1 MEDIUM	4.3 MEDIUM
Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the "m" parameter in the Dashboard of the current user. This vulnerability allows attackers to compromise session credentials via user interaction with a crafted link.
CVE-2022-25015 ↗	Feb 28, 2022Monday, 28 February 2022, 19:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS allows attackers to steal cookies via a crafted payload inserted into the First Name field.
CVE-2018-12420 ↗	Jun 14, 2018Thursday, 14 June 2018, 21:29	—	5 MEDIUM
IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request.