PT-2022-17048 · Ice Hrm · Ice Hrm

Cooliscool · Published 2022-02-28 · Updated 2022-03-09 · CVE-2022-25015

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Ice Hrm version 30.0.0.OS

Description: A stored cross-site scripting (XSS) issue allows attackers to steal cookies via a crafted payload inserted into the First Name field. This can be exploited to gain unauthorized access to user sessions.

Recommendations: For Ice Hrm version 30.0.0.OS, consider restricting input to the First Name field to prevent the insertion of malicious payloads until a patch is available. As a temporary workaround, monitor user sessions closely for signs of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this issue.
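The workaround above (restricting what the First Name field accepts) is one of three layers a defender would normally combine against a stored XSS that targets session cookies. The following is an added example, not Ice Hrm's own code and not a patch for this issue: it shows an allowlist check on the field at input time, HTML output encoding whenever a stored name is rendered, and an `HttpOnly` session cookie so that an injected script cannot read the cookie through `document.cookie`. The name-field pattern, the `renderProfileRow` helper, the `session` cookie name and the sample inputs are all assumptions constructed for the example.

```javascript
// Added example (not Ice Hrm code): defensive handling of a profile
// "First Name" field against stored XSS of the kind in CVE-2022-25015.
// Layer 1: validate on input.  Layer 2: encode on output.  Layer 3: cookie flags.

// Allowlist for a first name: a letter followed by letters (including accented
// ones), spaces, apostrophes and hyphens, 1..64 characters in total.
// Assumption: the exact pattern is deployment-specific.
const FIRST_NAME_RE = /^[\p{L}][\p{L} '-]{0,63}$/u;

function validateFirstName(input) {
  if (typeof input !== 'string') {
    return { ok: false, reason: 'not a string' };
  }
  const value = input.trim();
  if (!FIRST_NAME_RE.test(value)) {
    return { ok: false, reason: 'disallowed characters or length' };
  }
  return { ok: true, value };
}

// Output encoding: every untrusted value rendered into HTML text is escaped,
// regardless of whether input validation was in place when it was stored.
// This also neutralises records that were saved before the field was restricted.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical template fragment: the stored name goes through escapeHtml().
function renderProfileRow(firstName) {
  return `<td class="first-name">${escapeHtml(firstName)}</td>`;
}

// Session cookie attributes. HttpOnly keeps the cookie out of document.cookie,
// so a successful injection cannot exfiltrate it directly; Secure and SameSite
// limit transport and cross-site sending. Cookie name "session" is an assumption.
function sessionCookieHeader(sessionId) {
  return `session=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample inputs (not taken from the advisory).
const samples = [
  'Alice',
  "Anne-Marie O'Neil",
  'Zoë',
  'Bob<script>x()</script>', // rejected on input; escaped on output if already stored
];

// Runs each sample through validation and rendering and returns the results.
function demo() {
  return samples.map((s) => ({
    input: s,
    validation: validateFirstName(s),
    rendered: renderProfileRow(s),
  }));
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
  console.log(sessionCookieHeader('constructed-session-id'));
}
```

Input validation alone is the weakest of the three layers, since names legitimately contain apostrophes and non-ASCII letters and any allowlist will be loosened over time; output encoding at the point of rendering is the control that actually prevents the stored value from executing, and `HttpOnly` removes the cookie as a target even if both fail.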

XSS


Weakness Enumeration

Related Identifiers: CVE-2022-25015

Affected Products: Ice Hrm