72 matches found
CVE-2020-37145
HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user...
CVE-2020-37145 HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)
HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user...
EUVD-2020-31039
HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user...
CVE-2020-37145
HRSALE 1.1.8 is affected by a cross-site request forgery that lets an attacker add unauthorized administrative users through the employee registration form. The exploit can be triggered by an attacker crafting a malicious HTML page with hidden form fields to trick an authenticated administrator i...
CVE-2020-37145
HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user...
CVE-2020-37145 HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)
HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user...
PT-2026-6587
Name of the Vulnerable Software and Affected Versions: HRSALE version 1.1.8. Description: HRSALE version 1.1.8 is susceptible to a cross-site request forgery condition. This allows attackers to add unauthorized administrative users via the employee registration form. An attacker can create a malicio...
Hrsale Cross-Site Request Forgery Vulnerability
Hrsale is a human resources management system written in PHP, developed by the Hrsale team. Version 1.1.8 of Hrsale contains a cross-site request forgery vulnerability. This vulnerability stems from the existence of cross-site request forgery, which may lead to the addition of unauthorized...
EUVD-2020-21435
Malware in sbrugna...
EUVD-2018-2334
Malware in sbrugna...
EUVD-2018-2331
Malware in sbrugna...
EUVD-2018-2330
Malware in sbrugna...
EUVD-2020-20485
Malware in sbrugna...
EUVD-2018-2333
Malware in sbrugna...
CVE-2020-27993
Hrsale 2.0.0 allows download?type=files=../ directory traversal to read arbitrary files...
CVE-2020-29053
HRSALE 2.0.0 allows XSS via the admin/project/projectscalendar setdate parameter...
Hrsale Cross-Site Scripting Vulnerability
Hrsale is an HRMS written in PHP by the Hrsale team. A cross-site scripting vulnerability exists in HRSALE 2.0.0. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via the admin/project/projectscalendar setdate parameter...
CVE-2020-29053
HRSALE 2.0.0 allows XSS via the admin/project/projectscalendar setdate parameter...
CVE-2020-29053
HRSALE 2.0.0 allows XSS via the admin/project/projectscalendar setdate parameter...
Design/Logic Flaw
HRSALE 2.0.0 allows XSS via the admin/project/projectscalendar setdate parameter...