Lucene search

13 matches found

RedhatCVE
added 2026/01/23 6:19 a.m., 6 views

CVE-2026-24034

Horilla is a free and open source Human Resource Management System HRMS. In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue...

CVSS 5.4, AI score 5.1, EPSS 0.00222
Exploits: 1, References: 1
NVD
added 2026/01/22 4:15 a.m., 9 views

CVE-2026-24034

Horilla is a free and open source Human Resource Management System HRMS. In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue...

CVSS 5.4, EPSS 0.00222
Exploits: 1, References: 2
Cvelist
added 2026/01/22 2:41 a.m., 20 views

CVE-2026-24034 Horilla has File Upload XSS

Horilla is a free and open source Human Resource Management System HRMS. In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue...

CVSS 5.4, EPSS 0.00222
Exploits: 1, References: 2
EUVD
added 2026/01/22 2:41 a.m., 6 views

EUVD-2026-4214

Horilla is a free and open source Human Resource Management System HRMS. In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue...

CVSS 5.4, AI score 5.1, EPSS 0.00222
Exploits: 1, References: 2
Vulnrichment
added 2026/01/22 2:41 a.m., 3 views

CVE-2026-24034 Horilla has File Upload XSS

Horilla is a free and open source Human Resource Management System HRMS. In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue...

CVSS 5.4, AI score 5.1, EPSS 0.00222
Exploits: 1, References: 2
Positive Technologies
added 2026/01/22 12:0 a.m., 9 views

PT-2026-3909

Horilla is a free and open source Human Resource Management System HRMS. In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue...

CVSS 5.4, AI score 5.1, EPSS 0.00222
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2017-12025

Malware in sbrugna...

CVSS 7.8, AI score 7.6, EPSS 0.01379
Exploits: 2, References: 2
Cvelist
added 2024/08/18 6:31 p.m., 21 views

CVE-2024-7910 CodeAstro Online Railway Reservation System Profile Photo Update emp-profile-avatar.php unrestricted upload

A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. The...

CVSS 5.8, EPSS 0.00638
Exploits: 1, References: 4
OSV
added 2023/07/22 11:15 a.m., 3 views

CVE-2023-3828

A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0. It has been classified as problematic. This affects an unknown part of the file /listplace/user/coverPhotoUpdate of the component Photo Handler. The manipulation of the argument usercoverphoto leads to cross site...

CVSS 6.1, AI score 3.8, EPSS 0.00339
Exploits: 0, References: 2
CNNVD
added 2023/07/22 12:0 a.m., 7 views

Bug Finder Listplace Cross-Site Scripting Vulnerability

Bug Finder Listplace is a powerful directory listing platform from Bug Finder, Inc. A cross-site scripting vulnerability exists in Bug Finder Listplace version 3.0, which stems from an unknown function in file /listplace/user/coverPhotoUpdate in the component Photo Handler, leading to cross-site...

CVSS 6.1, AI score 4.6, EPSS 0.00339
Exploits: 0, References: 3
OSV
added 2017/11/07 4:29 p.m., 1 view

CVE-2017-2884

An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 1
NVD
added 2017/11/07 4:29 p.m., 14 views

CVE-2017-2884

An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the...

CVSS 7.8, AI score 7.4, EPSS 0.01379
Exploits: 2, References: 1
Prion
added 2017/11/07 4:29 p.m., 15 views

Design/Logic Flaw

An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the...

CVSS 7.8, AI score 7.4, EPSS 0.01379
Exploits: 2, References: 1, Affected Software: 1