Stored Cross Site Scripting in IceHrm by IceHrm Solutions
CVE-2021-38822

5.4MEDIUM

Key Information:

Vendor

Icehrm

Status
Vendor
CVE Published:
4 October 2021

What is CVE-2021-38822?

A Stored Cross Site Scripting vulnerability has been identified in IceHrm version 30.0.0.OS that allows an attacker to execute arbitrary JavaScript commands. This security flaw can be exploited via malicious file uploads on multiple pages of the application, posing significant risks to user data security and application integrity. Implementing timely patches and security measures is crucial to safeguard against potential exploitation of this vulnerability.

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.