Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-Site Scripting vulnerability in IceHrm
Vulnerability Description
IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileupload_page.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially hijacking the victim's browser.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
IceHrm 跨站脚本漏洞
Vulnerability Description
IceHrm是一套人力资源管理(Hrm)系统。该系统包括员工管理、休假管理和薪酬管理等功能。 IceHrm 23.0.0.OS版本存在跨站脚本漏洞,该漏洞源于没有充分编码用户控制的输入,可以通过 /icehrm/app/fileupload_page.php 中的多个参数导致跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A