CVSS 3.1 Score 5.4 of 10 (medium)


Published Jan 25, 2024
Updated: Jan 31, 2024


CVE-2023-6282 is a Cross-Site Scripting (XSS) vulnerability in IceHrm 23.0.0.OS. User-controlled input in multiple parameters of the /icehrm/app/fileupload_page.php URL is insufficiently encoded, which allows an attacker to execute a specially crafted JavaScript payload in the victim's browser and potentially hijack it. To remediate this vulnerability, users should update to a patched version provided by the vendor. The vulnerability poses a medium risk to organizations, as exploitation of user browsers could lead to unauthorized access to or manipulation of sensitive information.
