EUVD-2025-199904

OrangeHRM is a comprehensive human resource management HRM system. From version 5.0 to 5.7, the application’s recruitment attachment retrieval endpoint does not enforce the required authorization checks before serving candidate files. Even users restricted to ESS-level access, who have no...

PT-2024-26226 · Eramba · Eramba

Name of the Vulnerable Software and Affected Versions: Eramba Community versions prior to 3.22.0 Description: A bug was found in the /attachments/attachments/download/ API endpoint, allowing arbitrary file download due to a lack of user permission checks. This issue is related to an Insecure Dire...

CVE-2020-4024

The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability issue attachments with a vnd.wap.xhtml+xml...