CVE-2026-24010 Horilla has HTML Injection Issue that, with Phishing, Leads to Account Takeover
Horilla is a free and open source Human Resource Management System HRMS. A critical File Upload vulnerability in versions prior to 1.5.0, with Social Engineering, allows authenticated users to deploy phishing attacks. By uploading a malicious HTML file disguised as a profile picture, an attacker...