CVE-2025-59525 Horilla has Improper Input Sanitization Leading to XSS and Admin Account Takeover

Horilla is a free and open source Human Resource Management System HRMS. Prior to version 1.4.0, improper sanitization across the application allows XSS via uploaded SVG and via allowed , which can be chained to execute JavaScript whenever users view impacted content e.g., announcements. This can...