Exploits / Vulnerability Discovered: 2021-06-18
Type: webapps
Platform: php
This exploit / vulnerability, ICE Hrm 29.0.0.OS 'xml upload' stored cross-site scripting (XSS), is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
# Exploit Title: ICE Hrm 29.0.0.OS - 'xml upload' Stored Cross-Site Scripting (XSS)
# Exploit Author: Piyush Patil & Rafal Lykowski
# Vendor Homepage: https://icehrm.com/
# Version: 29.0.0.OS
# Tested on: Windows 10 and Kali
# Description
The file upload feature in ICE Hrm version 29.0.0.OS allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability.
# Steps to reproduce the issue:
1- Log in to the ICE Hrm Admin Panel
2- Click on Employees => Document Management => Upload the XML file below