Vulnerabilities (CVE)

Filtered by vendor Minthcm Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-36656 1 Minthcm 1 Minthcm 2025-06-18 N/A 6.1 MEDIUM
In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript code and achieve a reflected Cross-site Scripting (XSS) attack.
CVE-2021-25839 1 Minthcm 1 Minthcm 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing.
CVE-2021-25838 1 Minthcm 1 Minthcm 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file-upload.