CVE-2021-35046

MEDIUM

Ice Hrm 29.0.0 - Info Disclosure

Title source: llm

Description

A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie.

References (1)

[Various Sources] https://github.com/xoffense/POC/blob/main/Account%20takeover%20%28Chaining%20session%20fixation%20%2B%20reflected%20Cross%20Site%20Scripting%29%20in%20ICE%20Hrm%20Version%2029.0.0.OS.md

View Exploit ZIP pw:eip

Scores

CVSS v3 6.1

EPSS 0.0020

EPSS Percentile 41.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-384

Status published

Products (1)

icehrm/icehrm 29.0.0.os

Published Jun 22, 2021

Tracked Since Feb 18, 2026