Aggregates CVE and security vulnerability intelligence across all minthcm-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-36656 | In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript code and achieve a reflected Cross-site Scripting (XSS) attack. | [email protected] | 6.1 | 0.81% | 2024-06-14 | 2025-06-18 |
| CVE-2021-25839 | A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing. | [email protected] | 9.8 | 0.40% | 2021-04-26 | 2024-11-21 |
| CVE-2021-25838 | The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file-upload. | [email protected] | 6.1 | 0.32% | 2021-04-26 | 2024-11-21 |