15 matches found
CVE-2025-63293
FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API...
EUVD-2024-34130
Malicious code in bioql PyPI...
EUVD-2025-31100
Malicious code in bioql PyPI...
CVE-2025-59832
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A low-privilege authenticated user could run arbitrary JavaScript in an admin’s browser, exfiltrate the admin’s cookies/CSRF token, an...
CVE-2025-59832
Horilla HRMS prior to version 1.4.0 contains a stored XSS in the ticket comment editor. A low-privilege authenticated user can inject arbitrary JavaScript that runs in an admin’s browser, potentially exfiltrating cookies/CSRF tokens and hijacking the admin session. The issue has been fixed in ver...
CVE-2025-59832 Horilla Stored XSS Vulnerability via Ticket Comment section
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A low-privilege authenticated user could run arbitrary JavaScript in an admin’s browser, exfiltrate the admin’s cookies/CSRF token, an...
PT-2025-39398
Name of the Vulnerable Software and Affected Versions: Horilla versions prior to 1.4.0. Description: Horilla is a Human Resource Management System (HRMS). A stored cross-site scripting (XSS) issue exists in the ticket comment editor for versions prior to 1.4.0. An authenticated user with limited...
Linux Distros Unpatched Vulnerability : CVE-2024-23792
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When adding attachments to ticket comments, another user can add attachments as well, impersonating the original user. The attack requires a logged-in other user ...
CVE-2024-11479
CVE-2024-11479 concerns Issuetrak 17.1. An authenticated user can inject HTML into ticket comments, which is then rendered in emails sent to all users on that ticket. The affected component is the comment handling in tickets; the root cause is HTML injection in comments. Publicly stated impact is...
Code injection
When adding attachments to ticket comments, another user can add attachments as well, impersonating the original user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affec...
CVE-2024-23792 Insufficient access control
When adding attachments to ticket comments, another user can add attachments as well, impersonating the original user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affec...