Reflected Cross-Site Scripting Vulnerabilities in Ice Hrm by Gamonoid
CVE-2022-25013

6.1MEDIUM

Key Information:

Vendor

Icehrm

Status
Vendor
CVE Published:
28 February 2022

What is CVE-2022-25013?

Multiple reflected cross-site scripting (XSS) vulnerabilities have been identified in Ice Hrm 30.0.0.OS, specifically leveraging the 'key' and 'fm' parameters in the login.php component. These vulnerabilities could allow attackers to inject malicious scripts into the web application, potentially compromising user data and session integrity. Users and administrators are advised to implement appropriate security measures to mitigate the risks associated with this vulnerability.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.