CVE-2023-6282

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 25, 2024
Updated: Jan 31, 2024
CWE ID 79

Summary

CVE-2023-6282 is a Cross-Site Scripting (XSS) vulnerability affecting IceHrm 23.0.0.OS. The issue lies in the insufficient input encoding found in several parameters in the /icehrm/app/fileupload_page.php file. An attacker can exploit this weakness by delivering a custom JavaScript payload, which could partially take control of a victim's browser. This vulnerability may result in sensitive data being stolen or unintended actions being carried out in the context of the affected user.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share