5 matches found
Horilla 安全漏洞
Horilla is a free open-source human resources software developed by Horilla Company. Version 1.5.0 of Horilla contains a security vulnerability. This vulnerability stems from an access control flaw in the help desk attachment viewer, which may allow any authenticated user to view attachments from...
CVE-2025-59832
Horilla HRMS prior to version 1.4.0 contains a stored XSS in the ticket comment editor. A low-privilege authenticated user can inject arbitrary JavaScript that runs in an admin’s browser, potentially exfiltrating cookies/CSRF tokens and hijacking the admin session. The issue has been fixed in ver...
CVE-2025-48869 Horilla Unauthorized Access to Candidate Resume Files Due to Broken Access Control
Horilla is a free and open source Human Resource Management System HRMS. Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive...
CVE-2025-48868 Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive
Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...
CVE-2025-47789 Horilla Open Redirect Vulnerability in Login
Horilla is a free and open source Human Resource Management System HRMS. In versions up to and including 1.3, an attacker can craft a Horilla URL that refers to an external domain. Upon clicking and logging in, the user is redirected to an external domain. This allows the redirection to any...