CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43262
https://notcve.org/view.php?id=CVE-2022-43262
Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php. Se descubrió que Human Resource Management System v1.0 contenía una vulnerabilidad de inyección SQL a través del parámetro de contraseña en /hrm/controller/login.php. • https://github.com/null302/bug_report/blob/main/vendors/oretnom23/Human%20Resource%20Management%20System/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43317
https://notcve.org/view.php?id=CVE-2022-43317
A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Una vulnerabilidad de cross-site scripting (XSS) en /hrm/index.php?msg de Human Resource Management System v1.0 permite a los atacantes ejecutar scripts web o HTML de su elección a través de un payload manipulado. • https://github.com/ImaizumiYui/bug_report/blob/main/vendors/oretnom23/Human%20Resource%20Management%20System/XSS-1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43318
https://notcve.org/view.php?id=CVE-2022-43318
Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php. Se descubrió que Human Resource Management System v1.0 contenía una vulnerabilidad de inyección SQL a través del parámetro stateedit en /hrm/state.php. • https://github.com/ImaizumiYui/bug_report/blob/main/vendors/oretnom23/Human%20Resource%20Management%20System/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3497 – SourceCodester Human Resource Management System Master List cross site scripting
https://notcve.org/view.php?id=CVE-2022-3497
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been classified as problematic. Affected is an unknown function of the component Master List. The manipulation of the argument city/state/country/position leads to cross site scripting. It is possible to launch the attack remotely. • https://vuldb.com/?id.210786 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3502 – Human Resource Management System Leave cross site scripting
https://notcve.org/view.php?id=CVE-2022-3502
A vulnerability was found in Human Resource Management System 1.0. It has been classified as problematic. This affects an unknown part of the component Leave Handler. The manipulation of the argument Reason leads to cross site scripting. It is possible to initiate the attack remotely. • https://github.com/draco1725/POC/blob/main/Exploit/Stored%20Xss https://vuldb.com/?id.210831 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •