5 matches found

CNNVD, added 2026/04/21 12:0 a.m.

Horilla security vulnerability

Horilla is free open-source human resources software developed by Horilla Company. Version 1.5.0 of Horilla contains an access control flaw in the help desk attachment viewer, which may allow any authenticated user to view attachments from...

CVSS 7.1 | AI score 5.8 | EPSS 0.00207 | Exploits 0 | References 1
CVE, added 2025/09/25 2:45 p.m.

CVE-2025-59832

Horilla HRMS prior to version 1.4.0 contains a stored XSS in the ticket comment editor. A low-privilege authenticated user can inject arbitrary JavaScript that runs in an admin’s browser, potentially exfiltrating cookies/CSRF tokens and hijacking the admin session. The issue has been fixed in ver...

CVSS 9.9 | AI score 5.7 | EPSS 0.00386 | Exploits 1 | References 2 | Affected software 1
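The entry above is a stored XSS: HTML typed into the ticket comment editor is rendered unsanitized in another user's browser. The following is an added example, not Horilla's code, of the usual fix for a rich-text comment field: an allowlist sanitizer built on the standard-library html.parser that keeps a few formatting tags, drops every other element and attribute (script, img/onerror, event handlers, javascript: links) and re-escapes all text. The tag and attribute allowlists are assumptions chosen for a comment field.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Allowlists are an assumption for a ticket-comment field, not Horilla's configuration.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
ALLOWED_HREF_SCHEMES = {"http", "https"}
VOID_TAGS = {"br"}


class CommentSanitizer(HTMLParser):
    """Rebuild comment HTML keeping only allowlisted tags and attributes.

    Everything else is dropped and text nodes are re-escaped, so the result
    can be rendered as trusted HTML in an admin's browser without running
    attacker-supplied script.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []
        self.dropping = None  # script/style element whose text content is discarded

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.dropping = tag
            return
        if tag not in ALLOWED_TAGS:
            return  # unknown or dangerous element: tag removed, its text still appears escaped
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue  # strips onclick=, onerror=, style=, ...
            if name == "href" and urlsplit(value).scheme not in ALLOWED_HREF_SCHEMES:
                continue  # blocks javascript: and data: links (relative links are dropped too)
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        if tag == "a":
            kept.append(' rel="noopener noreferrer"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag == self.dropping:
            self.dropping = None
            return
        if tag in self.open_tags:
            # close back to the matching tag so the output is always well formed
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        if self.dropping is None:
            self.out.append(html.escape(data))

    def result(self):
        while self.open_tags:  # close anything the author left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_comment(raw_html):
    """Sanitize one comment body before it is stored or rendered."""
    parser = CommentSanitizer()
    parser.feed(raw_html)
    parser.close()
    return parser.result()
```

Sanitize on output (or on both input and output) rather than trusting what was stored, since older rows may predate the fix; pairing this with a Content-Security-Policy that disallows inline script limits the damage if the allowlist is ever bypassed.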
Vulnrichment, added 2025/09/24 5:17 p.m.

CVE-2025-48869 Horilla Unauthorized Access to Candidate Resume Files Due to Broken Access Control

Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive...

CVSS 7.5 | AI score 6 | EPSS 0.00407 | Exploits 1 | References 1
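Both the resume entry above and the help desk attachment viewer entry earlier on this page are broken access control on uploaded files: either the web server hands out the file without any login, or the application checks login but not whether this user may see this particular file. The following is an added example, not Horilla's code, of the pattern that closes both gaps: files live in a private directory, get an unguessable identifier instead of a predictable name, and are returned only after an authorization check that considers the caller's identity. The user dictionary shape, the recruiter/candidate roles and the in-memory owner index are assumptions for the example.

```python
import os
import secrets
import tempfile


class ResumeStore:
    """Uploaded files kept in a private directory (not under the web server's
    document root) and handed out only through an authorization check.

    Contrast with the advisory: files in a publicly served directory with
    predictable names need no login at all, so the web server, not the
    application, decides who can read them.
    """

    def __init__(self, base_dir):
        self.base_dir = os.path.realpath(base_dir)
        # Constructed in-memory index: opaque file id -> owning candidate id.
        # A real deployment would keep this in the database with the upload record.
        self._owner = {}

    def save(self, candidate_id, data):
        # 256-bit random id: the URL cannot be guessed or enumerated even if the
        # candidate's name or the upload order is known.
        file_id = secrets.token_urlsafe(32)
        with open(os.path.join(self.base_dir, file_id), "wb") as fh:
            fh.write(data)
        self._owner[file_id] = candidate_id
        return file_id

    def read_as(self, user, file_id):
        """Return the file bytes if `user` may see it, else None.

        `user` is an assumed dict {"authenticated": bool, "role": str,
        "candidate_id": int}; the view layer would build it from the session.
        """
        if not user or not user.get("authenticated"):
            return None  # unauthenticated: no access regardless of URL knowledge
        owner = self._owner.get(file_id)
        if owner is None:
            return None  # unknown id: same answer as "forbidden", no existence oracle
        is_recruiter = user.get("role") == "recruiter"
        if not (is_recruiter or user.get("candidate_id") == owner):
            return None  # authenticated but not authorized (a different candidate)
        path = os.path.realpath(os.path.join(self.base_dir, file_id))
        if os.path.dirname(path) != self.base_dir:
            return None  # defence in depth: the id must resolve inside base_dir
        with open(path, "rb") as fh:
            return fh.read()


def demo():
    """Constructed scenario: one upload, then four different callers ask for it."""
    store = ResumeStore(tempfile.mkdtemp())
    fid = store.save(candidate_id=1, data=b"%PDF-1.4 resume of candidate 1")
    recruiter = {"authenticated": True, "role": "recruiter", "candidate_id": None}
    owner = {"authenticated": True, "role": "candidate", "candidate_id": 1}
    other = {"authenticated": True, "role": "candidate", "candidate_id": 2}
    return {
        "anonymous": store.read_as(None, fid),
        "owner": store.read_as(owner, fid),
        "other_candidate": store.read_as(other, fid),
        "recruiter": store.read_as(recruiter, fid),
        "guessed_id": store.read_as(recruiter, "resume_1.pdf"),
    }
```

In a Django deployment the same shape is a view that calls the authorization check and returns a FileResponse, with the storage directory placed outside MEDIA_ROOT so the web server never serves it directly.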
Vulnrichment, added 2025/09/24 1:51 p.m.

CVE-2025-48868 Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive

Horilla is a free and open source Human Resource Management System (HRMS). An authenticated remote code execution (RCE) vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python's eval() on a user-controlled query parameter in the project_bulk_archive view. This allows privileged use...

CVSS 7.2 | AI score 8.5 | EPSS 0.02327 | Exploits 3 | References 4
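The entry above is the classic eval()-on-request-data bug: a bulk action needs a list of record ids from the query string, and eval() is used to turn the string into a list, which also turns any Python expression in that string into code run by the web process. The following is an added example, not Horilla's code, showing the unsafe pattern next to two hardened replacements: ast.literal_eval with strict type checking, and reading the ids as repeated form fields so no serialized list is parsed at all. The parameter format, the length bound and the function names are assumptions for the example.

```python
import ast

# Maximum accepted length for the ids parameter: an assumed bound so the
# literal parser is never fed pathological input.
MAX_PARAM_LEN = 4096


def parse_ids_vulnerable(param):
    """The pattern the advisory describes: eval() on a query-string value.

    Kept only to show why it is exploitable; any Python expression in the
    parameter runs with the privileges of the web process.
    """
    return eval(param)  # deliberately unsafe


def parse_ids_safe(param):
    """Turn an ids parameter such as "[3, 7, 12]" into a list of ints.

    ast.literal_eval accepts only Python literals, so calls, attribute access,
    __import__ and name lookups raise ValueError instead of executing. The
    result is then type-checked so a literal that parses but is not a list of
    non-negative ints (a string, a nested list, a bool) is also rejected.
    """
    if not isinstance(param, str) or len(param) > MAX_PARAM_LEN:
        raise ValueError("ids parameter missing or too long")
    try:
        value = ast.literal_eval(param)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        raise ValueError("ids parameter is not a literal list")
    if not isinstance(value, list):
        raise ValueError("ids parameter must be a list")
    for item in value:
        # bool is a subclass of int, so exclude it explicitly
        if isinstance(item, bool) or not isinstance(item, int) or item < 0:
            raise ValueError("ids must be non-negative integers")
    return value


def parse_ids_from_getlist(values):
    """Alternative that avoids parsing a serialized list at all.

    Accept the ids as repeated fields (?ids=3&ids=7), which a Django view
    reads with request.GET.getlist("ids"); each value must be plain decimal.
    """
    ids = []
    for value in values:
        if not value.isdecimal():
            raise ValueError(f"bad id: {value!r}")
        ids.append(int(value))
    return ids


def is_rejected(param):
    """True if parse_ids_safe refuses `param`; used to exercise the hardened parser."""
    try:
        parse_ids_safe(param)
    except ValueError:
        return True
    return False
```

Note that ast.literal_eval is safe against code execution but not against resource exhaustion on its own, which is why the length bound comes first; where the ids are later used in a database query, the ORM's own parameterization handles the rest.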
Vulnrichment, added 2025/05/15 7:50 p.m.

CVE-2025-47789 Horilla Open Redirect Vulnerability in Login

Horilla is a free and open source Human Resource Management System (HRMS). In versions up to and including 1.3, an attacker can craft a Horilla URL that refers to an external domain. Upon clicking it and logging in, the user is redirected to the external domain. This allows the redirection to any...

CVSS 6.1 | AI score 6.3 | EPSS 0.00191 | Exploits 0 | References 2
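The entry above is an open redirect in the login flow: the post-login destination is taken from the URL and followed without checking that it stays on the site. The following is an added example, not Horilla's code, of the validation a login view should apply to a ?next= value. It mirrors the checks performed by Django's django.utils.http.url_has_allowed_host_and_scheme, reimplemented on urllib.parse so it runs without Django; the allowed host name is an assumption for the example.

```python
import unicodedata
from urllib.parse import urlsplit

# Hostnames this deployment answers for: an assumption for the example.
ALLOWED_HOSTS = {"hr.example.com"}


def _host_and_scheme_ok(url, allowed_hosts, require_https):
    if url.startswith("///"):
        return False  # urlsplit reads this as a path, browsers as a host
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if not parts.netloc and parts.scheme:
        return False  # "javascript:...", "data:..." and other scheme-only URLs
    if unicodedata.category(url[0])[0] == "C":
        return False  # leading control character
    scheme = parts.scheme or ("http" if parts.netloc else "")
    valid_schemes = {"https"} if require_https else {"http", "https"}
    return (not parts.netloc or parts.netloc in allowed_hosts) and (
        not scheme or scheme in valid_schemes
    )


def is_safe_redirect(url, allowed_hosts, require_https=False):
    """True only for a path on this site or an absolute URL to an allowed host.

    The URL is checked both as given and with backslashes turned into slashes,
    because browsers treat "/\\evil.example" as "//evil.example".
    """
    if url is None or not url.strip():
        return False
    return _host_and_scheme_ok(url, allowed_hosts, require_https) and _host_and_scheme_ok(
        url.replace("\\", "/"), allowed_hosts, require_https
    )


def post_login_target(next_param, allowed_hosts=ALLOWED_HOSTS, default="/"):
    """Where the login view should send the user: the validated ?next= value or the default."""
    return next_param if is_safe_redirect(next_param, allowed_hosts) else default
```

Rejecting with a silent fallback to the default page, rather than an error, keeps bookmarked links working while removing the phishing value of a crafted login URL; pass require_https=True when the site is served only over TLS.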