A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low-level privileges to directly modify the SQL query.
CVSS: 8.8, AI Score: 8.9, EPSS: 0.001
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low-level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
CVSS: 8.8, AI Score: 8.9, EPSS: 0.001
An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low-privileged user.
CVSS: 5.4, AI Score: 5.1, EPSS: 0.001
A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low-privileged user.
CVSS: 8.8, AI Score: 8.5, EPSS: 0.006
Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files.
CVSS: 5.3, AI Score: 5.3, EPSS: 0.078
HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.
CVSS: 6.1, AI Score: 5.9, EPSS: 0.001