Stored Cross Site Scripting Vulnerability in IceHrm 30.0.0.OS: Arbitrary Execution of JavaScript Commands via Malicious File Upload

Stored Cross Site Scripting Vulnerability in IceHrm 30.0.0.OS: Arbitrary Execution of JavaScript Commands via Malicious File Upload

CVE-2021-38822 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands.

Learn more about our Web Application Penetration Testing UK.