PT-2021-20408 · Ice Hrm · Ice Hrm

Published: 2021-06-22 · Updated: 2021-06-25 · CVE-2021-34243

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Ice Hrm version 29.0.0.OS
Description: A stored cross-site scripting (XSS) issue was discovered that allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded through the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file.
Recommendations: For Ice Hrm version 29.0.0.OS, consider disabling the file upload feature in the Document Management tab until a patch is available to prevent exploitation. Restrict access to the Document Management tab to minimize the risk of arbitrary web script execution.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2021-34243

Affected Products

Ice Hrm