Cross-Site Request Forgery Vulnerability in ICE Hrm by ICE Solutions
CVE-2020-9270
8.8HIGH
What is CVE-2020-9270?
ICE Hrm version 26.2.0 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This flaw enables an attacker to manipulate a legitimate user's session, allowing unauthorized password resets through the service.php endpoint. If exploited, this vulnerability poses a significant security risk by potentially enabling attackers to gain control over user accounts without consent, emphasizing the need for robust CSRF protections in web applications.
