Biometric Shift Employee Management System
Monthly
Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.