Lucene search
K

8 matches found

Packet Storm
Packet Storm
added 2026/04/10 12:0 a.m.81 views

📄 Horilla 1.3 Remote Command Execution

Horilla versions 1.3 and below suffer from a remote command execution vulnerability. Exploit Title: Horilla v1.3 - RCE Date: 2025-05-29 Exploit Author: Raghad Abdallah Al-syouf Version: = 1.3 Tested on: Ubuntu / Docker CVE: CVE-2025-48868 Description: This script exploits the authenticated RCE...

7.2CVSS6AI score0.02327EPSS
Exploits3
Cvelist
Cvelist
added 2026/01/22 3:31 a.m.25 views

CVE-2026-24037 Horilla HRM has XSS Bypass through Project Name

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the hasxss function attempts to block XSS by matching input against a set of regex patterns. However, the regexes are incomplete and context-agnostic, making them easy to bypass. Attackers are able to...

4.8CVSS0.00227EPSS
Exploits1References2
CVE
CVE
added 2026/01/22 3:31 a.m.16 views

CVE-2026-24037

Horilla HRMS has_XSS bypass in version 1.4.0 due to incomplete, context-agnostic regex filtering in has_xss(), enabling attackers to redirect users, run external JavaScript, and steal CSRF tokens for admin-targeted CSRF attacks. The issue is fixed in version 1.5.0. Affected: Horilla 1.4.x → fixed...

5.4CVSS5.3AI score0.00227EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/01/22 3:31 a.m.6 views

CVE-2026-24037 Horilla HRM has XSS Bypass through Project Name

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the hasxss function attempts to block XSS by matching input against a set of regex patterns. However, the regexes are incomplete and context-agnostic, making them easy to bypass. Attackers are able to...

4.8CVSS5.4AI score0.00227EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-31024

Malicious code in bioql PyPI...

4.8CVSS6.6AI score0.00223EPSS
Exploits1References1
NVD
NVD
added 2025/09/24 6:15 p.m.5 views

CVE-2025-48867

Horilla is a free and open source Human Resource Management System HRMS. A stored cross-site scripting XSS vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads...

4.8CVSS0.00223EPSS
Exploits1References1
CVE
CVE
added 2025/09/24 5:25 p.m.19 views

CVE-2025-48867

CVE-2025-48867 describes a stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0. The issue allows authenticated admin/privileged users to inject malicious JavaScript into multiple fields in the Project and Task modules; payloads are stored in the database and execute when viewed b...

4.8CVSS5.3AI score0.00223EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/09/24 5:25 p.m.6 views

CVE-2025-48867 Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules

Horilla is a free and open source Human Resource Management System HRMS. A stored cross-site scripting XSS vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads...

4.8CVSS5.7AI score0.00223EPSS
Exploits1References3
Rows per page
Query Builder