Reflected Cross-Site Scripting Vulnerabilities in Ice Hrm by Gamonoid
CVE-2022-25013
6.1MEDIUM
What is CVE-2022-25013?
Multiple reflected cross-site scripting (XSS) vulnerabilities have been identified in Ice Hrm 30.0.0.OS, specifically leveraging the 'key' and 'fm' parameters in the login.php component. These vulnerabilities could allow attackers to inject malicious scripts into the web application, potentially compromising user data and session integrity. Users and administrators are advised to implement appropriate security measures to mitigate the risks associated with this vulnerability.
