Search criteria
24 vulnerabilities found for horilla by horilla
FKIE_CVE-2025-59832
Vulnerability from fkie_nvd - Published: 2025-09-25 15:16 - Updated: 2025-09-29 14:03
Severity ?
Summary
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A low-privilege authenticated user could run arbitrary JavaScript in an admin’s browser, exfiltrate the admin’s cookies/CSRF token, and hijack their session. This issue has been patched in version 1.4.0.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horilla:horilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9951AF-3A3C-4C56-B166-E012C632CD19",
"versionEndExcluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A low-privilege authenticated user could run arbitrary JavaScript in an admin\u2019s browser, exfiltrate the admin\u2019s cookies/CSRF token, and hijack their session. This issue has been patched in version 1.4.0."
}
],
"id": "CVE-2025-59832",
"lastModified": "2025-09-29T14:03:20.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-09-25T15:16:14.100",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59832/2025-08-Horilla_Vulnerability_1.pdf"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-8x78-6q9g-hv2h"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-8x78-6q9g-hv2h"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-59525
Vulnerability from fkie_nvd - Published: 2025-09-24 19:15 - Updated: 2025-09-29 14:04
Severity ?
Summary
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, improper sanitization across the application allows XSS via uploaded SVG (and via allowed <embed>), which can be chained to execute JavaScript whenever users view impacted content (e.g., announcements). This can result in admin account takeover. This issue has been patched in version 1.4.0.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horilla:horilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9951AF-3A3C-4C56-B166-E012C632CD19",
"versionEndExcluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, improper sanitization across the application allows XSS via uploaded SVG (and via allowed \u003cembed\u003e), which can be chained to execute JavaScript whenever users view impacted content (e.g., announcements). This can result in admin account takeover. This issue has been patched in version 1.4.0."
},
{
"lang": "es",
"value": "Horilla es un Sistema de Gesti\u00f3n de Recursos Humanos (HRMS) gratuito y de c\u00f3digo abierto. Antes de la versi\u00f3n 1.4.0, una sanitizaci\u00f3n inadecuada en toda la aplicaci\u00f3n permite XSS a trav\u00e9s de SVG cargados (y a trav\u00e9s de permitidos), lo que puede encadenarse para ejecutar JavaScript cada vez que los usuarios visualizan contenido afectado (por ejemplo, anuncios). Esto puede resultar en la toma de control de la cuenta de administrador. Este problema ha sido parcheado en la versi\u00f3n 1.4.0."
}
],
"id": "CVE-2025-59525",
"lastModified": "2025-09-29T14:04:23.910",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-09-24T19:15:42.113",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59525/2025-08-Horilla_Vulnerability_2.pdf"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/horilla-opensource/horilla/releases/tag/1.4.0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-rp5m-vpqr-vpvp"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-59524
Vulnerability from fkie_nvd - Published: 2025-09-24 18:15 - Updated: 2025-09-29 14:04
Severity ?
Summary
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, the file upload flow performs validation only in the browser and does not enforce server-side checks. An attacker can bypass the client-side validation (for example, with an intercepting proxy or by submitting a crafted request) to store an executable HTML document on the server. When an administrator or other privileged user views the uploaded file, the embedded script runs in their context and sends session cookies (or other credentials) to an attacker-controlled endpoint. The attacker then reuses those credentials to impersonate the admin. This issue has been patched in version 1.4.0.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horilla:horilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9951AF-3A3C-4C56-B166-E012C632CD19",
"versionEndExcluding": "1.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, the file upload flow performs validation only in the browser and does not enforce server-side checks. An attacker can bypass the client-side validation (for example, with an intercepting proxy or by submitting a crafted request) to store an executable HTML document on the server. When an administrator or other privileged user views the uploaded file, the embedded script runs in their context and sends session cookies (or other credentials) to an attacker-controlled endpoint. The attacker then reuses those credentials to impersonate the admin. This issue has been patched in version 1.4.0."
},
{
"lang": "es",
"value": "Horilla es un Sistema de Gesti\u00f3n de Recursos Humanos (HRMS) de c\u00f3digo abierto y gratuito. Antes de la versi\u00f3n 1.4.0, el flujo de carga de archivos realiza la validaci\u00f3n solo en el navegador y no aplica verificaciones del lado del servidor. Un atacante puede omitir la validaci\u00f3n del lado del cliente (por ejemplo, con un proxy interceptor o enviando una solicitud manipulada) para almacenar un documento HTML ejecutable en el servidor. Cuando un administrador u otro usuario privilegiado visualiza el archivo cargado, el script incrustado se ejecuta en su contexto y env\u00eda cookies de sesi\u00f3n (u otras credenciales) a un punto final controlado por el atacante. El atacante luego reutiliza esas credenciales para suplantar al administrador. Este problema ha sido parcheado en la versi\u00f3n 1.4.0."
}
],
"id": "CVE-2025-59524",
"lastModified": "2025-09-29T14:04:48.430",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-09-24T18:15:42.503",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59524/2025-08-Horilla_Vulnerability_3.pdf"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/horilla-opensource/horilla/releases/tag/1.4.0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-mff9-p8j9-9v5q"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-48869
Vulnerability from fkie_nvd - Published: 2025-09-24 18:15 - Updated: 2025-09-29 14:05
Severity ?
Summary
Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive candidate information without authentication. At time of publication there is no known patch.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/horilla-opensource/horilla/security/advisories/GHSA-99h5-x29f-727w | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horilla:horilla:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB689BA6-40B8-4E5F-AEB4-6DCB6C76A651",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive candidate information without authentication. At time of publication there is no known patch."
},
{
"lang": "es",
"value": "Horilla es un Sistema de Gesti\u00f3n de Recursos Humanos (HRMS) gratuito y de c\u00f3digo abierto. Usuarios no autenticados pueden acceder a archivos de curr\u00edculum vitae subidos en Horilla 1.3.0 adivinando o prediciendo directamente las URL de los archivos. Estos archivos se almacenan en un directorio de acceso p\u00fablico, lo que permite a los atacantes recuperar informaci\u00f3n sensible de los candidatos sin autenticaci\u00f3n. En el momento de la publicaci\u00f3n, no existe un parche conocido."
}
],
"id": "CVE-2025-48869",
"lastModified": "2025-09-29T14:05:30.127",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-09-24T18:15:37.677",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-99h5-x29f-727w"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-48867
Vulnerability from fkie_nvd - Published: 2025-09-24 18:15 - Updated: 2025-09-29 14:06
Severity ?
Summary
Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads persist in the database and are executed when viewed by an admin or other privileged users through the web interface. Although the issue is not exploitable by unauthenticated users, it still poses a high risk of session hijacking and unauthorized action within high-privilege accounts. At time of publication there is no known patch.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/horilla-opensource/horilla/security/advisories/GHSA-w242-xv47-j55r | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horilla:horilla:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB689BA6-40B8-4E5F-AEB4-6DCB6C76A651",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads persist in the database and are executed when viewed by an admin or other privileged users through the web interface. Although the issue is not exploitable by unauthenticated users, it still poses a high risk of session hijacking and unauthorized action within high-privilege accounts. At time of publication there is no known patch."
},
{
"lang": "es",
"value": "Horilla es un Sistema de Gesti\u00f3n de Recursos Humanos (HRMS) gratuito y de c\u00f3digo abierto. Una vulnerabilidad de cross-site scripting (XSS) almacenado en Horilla HRM 1.3.0 permite a usuarios administradores o privilegiados autenticados inyectar cargas \u00fatiles de JavaScript maliciosas en m\u00faltiples campos en los m\u00f3dulos de Proyecto y Tarea. Estas cargas \u00fatiles persisten en la base de datos y se ejecutan cuando son vistas por un administrador u otros usuarios privilegiados a trav\u00e9s de la interfaz web. Aunque el problema no es explotable por usuarios no autenticados, a\u00fan representa un alto riesgo de secuestro de sesi\u00f3n y acci\u00f3n no autorizada dentro de cuentas de alto privilegio. Al momento de la publicaci\u00f3n no existe un parche conocido."
}
],
"id": "CVE-2025-48867",
"lastModified": "2025-09-29T14:06:04.530",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-09-24T18:15:37.510",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-w242-xv47-j55r"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-48868
Vulnerability from fkie_nvd - Published: 2025-09-24 14:15 - Updated: 2025-09-29 14:06
Severity ?
Summary
Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval() function on a user-controlled query parameter in the project_bulk_archive view. This allows privileged users (e.g., administrators) to execute arbitrary system commands on the server. While having Django’s DEBUG=True makes exploitation visibly easier by returning command output in the HTTP response, this is not required. The vulnerability can still be exploited in DEBUG=False mode by using blind payloads such as a reverse shell, leading to full remote code execution. This issue has been patched in version 1.3.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horilla:horilla:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB689BA6-40B8-4E5F-AEB4-6DCB6C76A651",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python\u2019s eval() function on a user-controlled query parameter in the project_bulk_archive view. This allows privileged users (e.g., administrators) to execute arbitrary system commands on the server. While having Django\u2019s DEBUG=True makes exploitation visibly easier by returning command output in the HTTP response, this is not required. The vulnerability can still be exploited in DEBUG=False mode by using blind payloads such as a reverse shell, leading to full remote code execution. This issue has been patched in version 1.3.1."
}
],
"id": "CVE-2025-48868",
"lastModified": "2025-09-29T14:06:57.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-09-24T14:15:49.593",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit"
],
"url": "https://drive.google.com/file/d/1XQAJilt77QxkjGEa94CsZRqZIZXa3ET9/view?usp=sharing"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit"
],
"url": "https://drive.google.com/file/d/1hnI9AK3fnpVrTlTRF7aRJsKhZCDIm2Ve/view?usp=sharing"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/horilla-opensource/horilla/commit/b0aab62b3a5fe6b7114b5c58db129b3744b4d8cc"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-h6qj-pwmx-wjhw"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-95"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-47789
Vulnerability from fkie_nvd - Published: 2025-05-15 20:16 - Updated: 2025-09-19 15:28
Severity ?
Summary
Horilla is a free and open source Human Resource Management System (HRMS). In versions up to and including 1.3, an attacker can craft a Horilla URL that refers to an external domain. Upon clicking and logging in, the user is redirected to an external domain. This allows the redirection to any arbitrary site, including phishing or malicious domains, which can be used to impersonate Horilla and trick users. Commit 1c72404df6888bb23af73c767fdaee5e6679ebd6 fixes the issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horilla:horilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC7D92E-92E2-45E3-907A-32EFD0407D48",
"versionEndExcluding": "1.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). In versions up to and including 1.3, an attacker can craft a Horilla URL that refers to an external domain. Upon clicking and logging in, the user is redirected to an external domain. This allows the redirection to any arbitrary site, including phishing or malicious domains, which can be used to impersonate Horilla and trick users. Commit 1c72404df6888bb23af73c767fdaee5e6679ebd6 fixes the issue."
},
{
"lang": "es",
"value": "Horilla es un sistema de gesti\u00f3n de recursos humanos (HRMS) gratuito y de c\u00f3digo abierto. En versiones anteriores a la 1.3, un atacante puede manipular una URL de Horilla que haga referencia a un dominio externo. Al hacer clic e iniciar sesi\u00f3n, el usuario es redirigido a un dominio externo. Esto permite la redirecci\u00f3n a cualquier sitio web, incluyendo dominios de phishing o maliciosos, que pueden utilizarse para suplantar la identidad de Horilla y enga\u00f1ar a los usuarios. El commit 1c72404df6888bb23af73c767fdaee5e6679ebd6 corrige el problema."
}
],
"id": "CVE-2025-47789",
"lastModified": "2025-09-19T15:28:23.097",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-05-15T20:16:09.493",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/horilla-opensource/horilla/commit/1c72404df6888bb23af73c767fdaee5e6679ebd6"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-cqp5-xx4j-r468"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-12138
Vulnerability from fkie_nvd - Published: 2024-12-04 14:15 - Updated: 2025-09-19 15:32
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| URL | Tags | ||
|---|---|---|---|
| cna@vuldb.com | https://github.com/Sp1d3rL1/horilla-RCE | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.286858 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.286858 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.451515 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:horilla:horilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "776BDC61-4861-4C3E-8E5F-1F704C4FE5CA",
"versionEndIncluding": "1.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en horilla hasta la versi\u00f3n 1.2.1. Esta vulnerabilidad afecta a la funci\u00f3n request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. La manipulaci\u00f3n provoca la deserializaci\u00f3n. El ataque se puede iniciar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"id": "CVE-2024-12138",
"lastModified": "2025-09-19T15:32:38.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2024-12-04T14:15:19.413",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/Sp1d3rL1/horilla-RCE"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.286858"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.286858"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.451515"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
CVE-2025-59832 (GCVE-0-2025-59832)
Vulnerability from cvelistv5 – Published: 2025-09-25 14:45 – Updated: 2025-09-25 15:48
VLAI?
Title
Horrila Stored XSS Vulnerability via Ticket Comment section
Summary
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A low-privilege authenticated user could run arbitrary JavaScript in an admin’s browser, exfiltrate the admin’s cookies/CSRF token, and hijack their session. This issue has been patched in version 1.4.0.
Severity ?
9.9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Affected:
< 1.4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59832",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-25T15:45:18.489582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T15:48:38.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-8x78-6q9g-hv2h"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A low-privilege authenticated user could run arbitrary JavaScript in an admin\u2019s browser, exfiltrate the admin\u2019s cookies/CSRF token, and hijack their session. This issue has been patched in version 1.4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T14:45:19.214Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-8x78-6q9g-hv2h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-8x78-6q9g-hv2h"
},
{
"name": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59832/2025-08-Horilla_Vulnerability_1.pdf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59832/2025-08-Horilla_Vulnerability_1.pdf"
}
],
"source": {
"advisory": "GHSA-8x78-6q9g-hv2h",
"discovery": "UNKNOWN"
},
"title": "Horrila Stored XSS Vulnerability via Ticket Comment section"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59832",
"datePublished": "2025-09-25T14:45:19.214Z",
"dateReserved": "2025-09-22T14:34:03.471Z",
"dateUpdated": "2025-09-25T15:48:38.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59525 (GCVE-0-2025-59525)
Vulnerability from cvelistv5 – Published: 2025-09-24 18:15 – Updated: 2025-10-15 16:06
VLAI?
Title
Horilla has Improper Input Sanitization Leading to XSS and Admin Account Takeover
Summary
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, improper sanitization across the application allows XSS via uploaded SVG (and via allowed <embed>), which can be chained to execute JavaScript whenever users view impacted content (e.g., announcements). This can result in admin account takeover. This issue has been patched in version 1.4.0.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Affected:
< 1.4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59525",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T16:05:44.238551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T16:06:11.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, improper sanitization across the application allows XSS via uploaded SVG (and via allowed \u003cembed\u003e), which can be chained to execute JavaScript whenever users view impacted content (e.g., announcements). This can result in admin account takeover. This issue has been patched in version 1.4.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:15:12.850Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-rp5m-vpqr-vpvp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-rp5m-vpqr-vpvp"
},
{
"name": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59525/2025-08-Horilla_Vulnerability_2.pdf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59525/2025-08-Horilla_Vulnerability_2.pdf"
},
{
"name": "https://github.com/horilla-opensource/horilla/releases/tag/1.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/horilla-opensource/horilla/releases/tag/1.4.0"
}
],
"source": {
"advisory": "GHSA-rp5m-vpqr-vpvp",
"discovery": "UNKNOWN"
},
"title": "Horilla has Improper Input Sanitization Leading to XSS and Admin Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59525",
"datePublished": "2025-09-24T18:15:12.850Z",
"dateReserved": "2025-09-17T17:04:20.372Z",
"dateUpdated": "2025-10-15T16:06:11.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59524 (GCVE-0-2025-59524)
Vulnerability from cvelistv5 – Published: 2025-09-24 18:12 – Updated: 2025-09-24 18:46
VLAI?
Title
Horilla Stored XSS Vulnerability via File Upload in Reimbursement Panel
Summary
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, the file upload flow performs validation only in the browser and does not enforce server-side checks. An attacker can bypass the client-side validation (for example, with an intercepting proxy or by submitting a crafted request) to store an executable HTML document on the server. When an administrator or other privileged user views the uploaded file, the embedded script runs in their context and sends session cookies (or other credentials) to an attacker-controlled endpoint. The attacker then reuses those credentials to impersonate the admin. This issue has been patched in version 1.4.0.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Affected:
< 1.4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59524",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T18:46:51.206876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:46:57.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, the file upload flow performs validation only in the browser and does not enforce server-side checks. An attacker can bypass the client-side validation (for example, with an intercepting proxy or by submitting a crafted request) to store an executable HTML document on the server. When an administrator or other privileged user views the uploaded file, the embedded script runs in their context and sends session cookies (or other credentials) to an attacker-controlled endpoint. The attacker then reuses those credentials to impersonate the admin. This issue has been patched in version 1.4.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:12:55.990Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-mff9-p8j9-9v5q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-mff9-p8j9-9v5q"
},
{
"name": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59524/2025-08-Horilla_Vulnerability_3.pdf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59524/2025-08-Horilla_Vulnerability_3.pdf"
},
{
"name": "https://github.com/horilla-opensource/horilla/releases/tag/1.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/horilla-opensource/horilla/releases/tag/1.4.0"
}
],
"source": {
"advisory": "GHSA-mff9-p8j9-9v5q",
"discovery": "UNKNOWN"
},
"title": "Horilla Stored XSS Vulnerability via File Upload in Reimbursement Panel"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59524",
"datePublished": "2025-09-24T18:12:55.990Z",
"dateReserved": "2025-09-17T17:04:20.372Z",
"dateUpdated": "2025-09-24T18:46:57.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48867 (GCVE-0-2025-48867)
Vulnerability from cvelistv5 – Published: 2025-09-24 17:25 – Updated: 2025-09-24 17:36
VLAI?
Title
Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules
Summary
Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads persist in the database and are executed when viewed by an admin or other privileged users through the web interface. Although the issue is not exploitable by unauthenticated users, it still poses a high risk of session hijacking and unauthorized action within high-privilege accounts. At time of publication there is no known patch.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Affected:
= 1.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48867",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T17:35:26.399473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:36:10.261Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "= 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads persist in the database and are executed when viewed by an admin or other privileged users through the web interface. Although the issue is not exploitable by unauthenticated users, it still poses a high risk of session hijacking and unauthorized action within high-privilege accounts. At time of publication there is no known patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:25:42.227Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-w242-xv47-j55r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-w242-xv47-j55r"
}
],
"source": {
"advisory": "GHSA-w242-xv47-j55r",
"discovery": "UNKNOWN"
},
"title": "Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48867",
"datePublished": "2025-09-24T17:25:42.227Z",
"dateReserved": "2025-05-27T20:14:34.294Z",
"dateUpdated": "2025-09-24T17:36:10.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48869 (GCVE-0-2025-48869)
Vulnerability from cvelistv5 – Published: 2025-09-24 17:17 – Updated: 2025-09-24 17:26
VLAI?
Title
Horilla Unauthorized Access to Candidate Resume Files Due to Broken Access Control
Summary
Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive candidate information without authentication. At time of publication there is no known patch.
Severity ?
7.5 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Affected:
= 1.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48869",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T17:26:23.991586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:26:56.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "= 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive candidate information without authentication. At time of publication there is no known patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:19:09.942Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-99h5-x29f-727w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-99h5-x29f-727w"
}
],
"source": {
"advisory": "GHSA-99h5-x29f-727w",
"discovery": "UNKNOWN"
},
"title": "Horilla Unauthorized Access to Candidate Resume Files Due to Broken Access Control"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48869",
"datePublished": "2025-09-24T17:17:40.979Z",
"dateReserved": "2025-05-27T20:14:34.295Z",
"dateUpdated": "2025-09-24T17:26:56.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48868 (GCVE-0-2025-48868)
Vulnerability from cvelistv5 – Published: 2025-09-24 13:51 – Updated: 2025-09-24 18:45
VLAI?
Title
Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive
Summary
Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval() function on a user-controlled query parameter in the project_bulk_archive view. This allows privileged users (e.g., administrators) to execute arbitrary system commands on the server. While having Django’s DEBUG=True makes exploitation visibly easier by returning command output in the HTTP response, this is not required. The vulnerability can still be exploited in DEBUG=False mode by using blind payloads such as a reverse shell, leading to full remote code execution. This issue has been patched in version 1.3.1.
Severity ?
7.2 (High)
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Affected:
= 1.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48868",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T18:45:44.475358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:45:55.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "= 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python\u2019s eval() function on a user-controlled query parameter in the project_bulk_archive view. This allows privileged users (e.g., administrators) to execute arbitrary system commands on the server. While having Django\u2019s DEBUG=True makes exploitation visibly easier by returning command output in the HTTP response, this is not required. The vulnerability can still be exploited in DEBUG=False mode by using blind payloads such as a reverse shell, leading to full remote code execution. This issue has been patched in version 1.3.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:51:04.834Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-h6qj-pwmx-wjhw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-h6qj-pwmx-wjhw"
},
{
"name": "https://github.com/horilla-opensource/horilla/commit/b0aab62b3a5fe6b7114b5c58db129b3744b4d8cc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/horilla-opensource/horilla/commit/b0aab62b3a5fe6b7114b5c58db129b3744b4d8cc"
},
{
"name": "https://drive.google.com/file/d/1XQAJilt77QxkjGEa94CsZRqZIZXa3ET9/view?usp=sharing",
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/file/d/1XQAJilt77QxkjGEa94CsZRqZIZXa3ET9/view?usp=sharing"
},
{
"name": "https://drive.google.com/file/d/1hnI9AK3fnpVrTlTRF7aRJsKhZCDIm2Ve/view?usp=sharing",
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/file/d/1hnI9AK3fnpVrTlTRF7aRJsKhZCDIm2Ve/view?usp=sharing"
}
],
"source": {
"advisory": "GHSA-h6qj-pwmx-wjhw",
"discovery": "UNKNOWN"
},
"title": "Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48868",
"datePublished": "2025-09-24T13:51:04.834Z",
"dateReserved": "2025-05-27T20:14:34.295Z",
"dateUpdated": "2025-09-24T18:45:55.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47789 (GCVE-0-2025-47789)
Vulnerability from cvelistv5 – Published: 2025-05-15 19:50 – Updated: 2025-05-16 14:51
VLAI?
Title
Horilla Open Redirect Vulnerability in Login
Summary
Horilla is a free and open source Human Resource Management System (HRMS). In versions up to and including 1.3, an attacker can craft a Horilla URL that refers to an external domain. Upon clicking and logging in, the user is redirected to an external domain. This allows the redirection to any arbitrary site, including phishing or malicious domains, which can be used to impersonate Horilla and trick users. Commit 1c72404df6888bb23af73c767fdaee5e6679ebd6 fixes the issue.
Severity ?
6.1 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Affected:
<= 1.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T14:50:39.736953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T14:51:36.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). In versions up to and including 1.3, an attacker can craft a Horilla URL that refers to an external domain. Upon clicking and logging in, the user is redirected to an external domain. This allows the redirection to any arbitrary site, including phishing or malicious domains, which can be used to impersonate Horilla and trick users. Commit 1c72404df6888bb23af73c767fdaee5e6679ebd6 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T19:50:28.480Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-cqp5-xx4j-r468",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-cqp5-xx4j-r468"
},
{
"name": "https://github.com/horilla-opensource/horilla/commit/1c72404df6888bb23af73c767fdaee5e6679ebd6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/horilla-opensource/horilla/commit/1c72404df6888bb23af73c767fdaee5e6679ebd6"
}
],
"source": {
"advisory": "GHSA-cqp5-xx4j-r468",
"discovery": "UNKNOWN"
},
"title": "Horilla Open Redirect Vulnerability in Login"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47789",
"datePublished": "2025-05-15T19:50:28.480Z",
"dateReserved": "2025-05-09T19:49:35.622Z",
"dateUpdated": "2025-05-16T14:51:36.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12138 (GCVE-0-2024-12138)
Vulnerability from cvelistv5 – Published: 2024-12-04 14:00 – Updated: 2024-12-04 14:22
VLAI?
Title
horilla create_skills deserialization
Summary
A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
6.3 (Medium)
6.3 (Medium)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
sp1d3r (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T14:22:11.485350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T14:22:19.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.2.0"
},
{
"status": "affected",
"version": "1.2.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "sp1d3r (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In horilla bis 1.2.1 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. Dank der Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T14:00:14.890Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-286858 | horilla create_skills deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.286858"
},
{
"name": "VDB-286858 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.286858"
},
{
"name": "Submit #451515 | www.horilla.com horilla 1.2.1 Remote Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.451515"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Sp1d3rL1/horilla-RCE"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-04T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-04T09:53:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "horilla create_skills deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12138",
"datePublished": "2024-12-04T14:00:14.890Z",
"dateReserved": "2024-12-04T08:48:46.029Z",
"dateUpdated": "2024-12-04T14:22:19.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59832 (GCVE-0-2025-59832)
Vulnerability from nvd – Published: 2025-09-25 14:45 – Updated: 2025-09-25 15:48
VLAI?
Title
Horrila Stored XSS Vulnerability via Ticket Comment section
Summary
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A low-privilege authenticated user could run arbitrary JavaScript in an admin’s browser, exfiltrate the admin’s cookies/CSRF token, and hijack their session. This issue has been patched in version 1.4.0.
Severity ?
9.9 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Affected:
< 1.4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59832",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-25T15:45:18.489582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T15:48:38.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-8x78-6q9g-hv2h"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A low-privilege authenticated user could run arbitrary JavaScript in an admin\u2019s browser, exfiltrate the admin\u2019s cookies/CSRF token, and hijack their session. This issue has been patched in version 1.4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T14:45:19.214Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-8x78-6q9g-hv2h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-8x78-6q9g-hv2h"
},
{
"name": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59832/2025-08-Horilla_Vulnerability_1.pdf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59832/2025-08-Horilla_Vulnerability_1.pdf"
}
],
"source": {
"advisory": "GHSA-8x78-6q9g-hv2h",
"discovery": "UNKNOWN"
},
"title": "Horrila Stored XSS Vulnerability via Ticket Comment section"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59832",
"datePublished": "2025-09-25T14:45:19.214Z",
"dateReserved": "2025-09-22T14:34:03.471Z",
"dateUpdated": "2025-09-25T15:48:38.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59525 (GCVE-0-2025-59525)
Vulnerability from nvd – Published: 2025-09-24 18:15 – Updated: 2025-10-15 16:06
VLAI?
Title
Horilla has Improper Input Sanitization Leading to XSS and Admin Account Takeover
Summary
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, improper sanitization across the application allows XSS via uploaded SVG (and via allowed <embed>), which can be chained to execute JavaScript whenever users view impacted content (e.g., announcements). This can result in admin account takeover. This issue has been patched in version 1.4.0.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Affected:
< 1.4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59525",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T16:05:44.238551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T16:06:11.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, improper sanitization across the application allows XSS via uploaded SVG (and via allowed \u003cembed\u003e), which can be chained to execute JavaScript whenever users view impacted content (e.g., announcements). This can result in admin account takeover. This issue has been patched in version 1.4.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:15:12.850Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-rp5m-vpqr-vpvp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-rp5m-vpqr-vpvp"
},
{
"name": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59525/2025-08-Horilla_Vulnerability_2.pdf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59525/2025-08-Horilla_Vulnerability_2.pdf"
},
{
"name": "https://github.com/horilla-opensource/horilla/releases/tag/1.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/horilla-opensource/horilla/releases/tag/1.4.0"
}
],
"source": {
"advisory": "GHSA-rp5m-vpqr-vpvp",
"discovery": "UNKNOWN"
},
"title": "Horilla has Improper Input Sanitization Leading to XSS and Admin Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59525",
"datePublished": "2025-09-24T18:15:12.850Z",
"dateReserved": "2025-09-17T17:04:20.372Z",
"dateUpdated": "2025-10-15T16:06:11.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59524 (GCVE-0-2025-59524)
Vulnerability from nvd – Published: 2025-09-24 18:12 – Updated: 2025-09-24 18:46
VLAI?
Title
Horilla Stored XSS Vulnerability via File Upload in Reimbursement Panel
Summary
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, the file upload flow performs validation only in the browser and does not enforce server-side checks. An attacker can bypass the client-side validation (for example, with an intercepting proxy or by submitting a crafted request) to store an executable HTML document on the server. When an administrator or other privileged user views the uploaded file, the embedded script runs in their context and sends session cookies (or other credentials) to an attacker-controlled endpoint. The attacker then reuses those credentials to impersonate the admin. This issue has been patched in version 1.4.0.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Affected:
< 1.4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59524",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T18:46:51.206876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:46:57.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "\u003c 1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, the file upload flow performs validation only in the browser and does not enforce server-side checks. An attacker can bypass the client-side validation (for example, with an intercepting proxy or by submitting a crafted request) to store an executable HTML document on the server. When an administrator or other privileged user views the uploaded file, the embedded script runs in their context and sends session cookies (or other credentials) to an attacker-controlled endpoint. The attacker then reuses those credentials to impersonate the admin. This issue has been patched in version 1.4.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:12:55.990Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-mff9-p8j9-9v5q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-mff9-p8j9-9v5q"
},
{
"name": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59524/2025-08-Horilla_Vulnerability_3.pdf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59524/2025-08-Horilla_Vulnerability_3.pdf"
},
{
"name": "https://github.com/horilla-opensource/horilla/releases/tag/1.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/horilla-opensource/horilla/releases/tag/1.4.0"
}
],
"source": {
"advisory": "GHSA-mff9-p8j9-9v5q",
"discovery": "UNKNOWN"
},
"title": "Horilla Stored XSS Vulnerability via File Upload in Reimbursement Panel"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59524",
"datePublished": "2025-09-24T18:12:55.990Z",
"dateReserved": "2025-09-17T17:04:20.372Z",
"dateUpdated": "2025-09-24T18:46:57.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48867 (GCVE-0-2025-48867)
Vulnerability from nvd – Published: 2025-09-24 17:25 – Updated: 2025-09-24 17:36
VLAI?
Title
Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules
Summary
Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads persist in the database and are executed when viewed by an admin or other privileged users through the web interface. Although the issue is not exploitable by unauthenticated users, it still poses a high risk of session hijacking and unauthorized action within high-privilege accounts. At time of publication there is no known patch.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Affected:
= 1.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48867",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T17:35:26.399473Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:36:10.261Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "= 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads persist in the database and are executed when viewed by an admin or other privileged users through the web interface. Although the issue is not exploitable by unauthenticated users, it still poses a high risk of session hijacking and unauthorized action within high-privilege accounts. At time of publication there is no known patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:25:42.227Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-w242-xv47-j55r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-w242-xv47-j55r"
}
],
"source": {
"advisory": "GHSA-w242-xv47-j55r",
"discovery": "UNKNOWN"
},
"title": "Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48867",
"datePublished": "2025-09-24T17:25:42.227Z",
"dateReserved": "2025-05-27T20:14:34.294Z",
"dateUpdated": "2025-09-24T17:36:10.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48869 (GCVE-0-2025-48869)
Vulnerability from nvd – Published: 2025-09-24 17:17 – Updated: 2025-09-24 17:26
VLAI?
Title
Horilla Unauthorized Access to Candidate Resume Files Due to Broken Access Control
Summary
Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive candidate information without authentication. At time of publication there is no known patch.
Severity ?
7.5 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Affected:
= 1.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48869",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T17:26:23.991586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:26:56.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "= 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These files are stored in a publicly accessible directory, allowing attackers to retrieve sensitive candidate information without authentication. At time of publication there is no known patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:19:09.942Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-99h5-x29f-727w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-99h5-x29f-727w"
}
],
"source": {
"advisory": "GHSA-99h5-x29f-727w",
"discovery": "UNKNOWN"
},
"title": "Horilla Unauthorized Access to Candidate Resume Files Due to Broken Access Control"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48869",
"datePublished": "2025-09-24T17:17:40.979Z",
"dateReserved": "2025-05-27T20:14:34.295Z",
"dateUpdated": "2025-09-24T17:26:56.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48868 (GCVE-0-2025-48868)
Vulnerability from nvd – Published: 2025-09-24 13:51 – Updated: 2025-09-24 18:45
VLAI?
Title
Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive
Summary
Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval() function on a user-controlled query parameter in the project_bulk_archive view. This allows privileged users (e.g., administrators) to execute arbitrary system commands on the server. While having Django’s DEBUG=True makes exploitation visibly easier by returning command output in the HTTP response, this is not required. The vulnerability can still be exploited in DEBUG=False mode by using blind payloads such as a reverse shell, leading to full remote code execution. This issue has been patched in version 1.3.1.
Severity ?
7.2 (High)
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Affected:
= 1.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48868",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T18:45:44.475358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:45:55.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "= 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python\u2019s eval() function on a user-controlled query parameter in the project_bulk_archive view. This allows privileged users (e.g., administrators) to execute arbitrary system commands on the server. While having Django\u2019s DEBUG=True makes exploitation visibly easier by returning command output in the HTTP response, this is not required. The vulnerability can still be exploited in DEBUG=False mode by using blind payloads such as a reverse shell, leading to full remote code execution. This issue has been patched in version 1.3.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:51:04.834Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-h6qj-pwmx-wjhw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-h6qj-pwmx-wjhw"
},
{
"name": "https://github.com/horilla-opensource/horilla/commit/b0aab62b3a5fe6b7114b5c58db129b3744b4d8cc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/horilla-opensource/horilla/commit/b0aab62b3a5fe6b7114b5c58db129b3744b4d8cc"
},
{
"name": "https://drive.google.com/file/d/1XQAJilt77QxkjGEa94CsZRqZIZXa3ET9/view?usp=sharing",
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/file/d/1XQAJilt77QxkjGEa94CsZRqZIZXa3ET9/view?usp=sharing"
},
{
"name": "https://drive.google.com/file/d/1hnI9AK3fnpVrTlTRF7aRJsKhZCDIm2Ve/view?usp=sharing",
"tags": [
"x_refsource_MISC"
],
"url": "https://drive.google.com/file/d/1hnI9AK3fnpVrTlTRF7aRJsKhZCDIm2Ve/view?usp=sharing"
}
],
"source": {
"advisory": "GHSA-h6qj-pwmx-wjhw",
"discovery": "UNKNOWN"
},
"title": "Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48868",
"datePublished": "2025-09-24T13:51:04.834Z",
"dateReserved": "2025-05-27T20:14:34.295Z",
"dateUpdated": "2025-09-24T18:45:55.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47789 (GCVE-0-2025-47789)
Vulnerability from nvd – Published: 2025-05-15 19:50 – Updated: 2025-05-16 14:51
VLAI?
Title
Horilla Open Redirect Vulnerability in Login
Summary
Horilla is a free and open source Human Resource Management System (HRMS). In versions up to and including 1.3, an attacker can craft a Horilla URL that refers to an external domain. Upon clicking and logging in, the user is redirected to an external domain. This allows the redirection to any arbitrary site, including phishing or malicious domains, which can be used to impersonate Horilla and trick users. Commit 1c72404df6888bb23af73c767fdaee5e6679ebd6 fixes the issue.
Severity ?
6.1 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| horilla-opensource | horilla |
Affected:
<= 1.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-16T14:50:39.736953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T14:51:36.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "horilla-opensource",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Horilla is a free and open source Human Resource Management System (HRMS). In versions up to and including 1.3, an attacker can craft a Horilla URL that refers to an external domain. Upon clicking and logging in, the user is redirected to an external domain. This allows the redirection to any arbitrary site, including phishing or malicious domains, which can be used to impersonate Horilla and trick users. Commit 1c72404df6888bb23af73c767fdaee5e6679ebd6 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T19:50:28.480Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-cqp5-xx4j-r468",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-cqp5-xx4j-r468"
},
{
"name": "https://github.com/horilla-opensource/horilla/commit/1c72404df6888bb23af73c767fdaee5e6679ebd6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/horilla-opensource/horilla/commit/1c72404df6888bb23af73c767fdaee5e6679ebd6"
}
],
"source": {
"advisory": "GHSA-cqp5-xx4j-r468",
"discovery": "UNKNOWN"
},
"title": "Horilla Open Redirect Vulnerability in Login"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47789",
"datePublished": "2025-05-15T19:50:28.480Z",
"dateReserved": "2025-05-09T19:49:35.622Z",
"dateUpdated": "2025-05-16T14:51:36.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12138 (GCVE-0-2024-12138)
Vulnerability from nvd – Published: 2024-12-04 14:00 – Updated: 2024-12-04 14:22
VLAI?
Title
horilla create_skills deserialization
Summary
A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
6.3 (Medium)
6.3 (Medium)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
sp1d3r (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T14:22:11.485350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T14:22:19.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "horilla",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.2.0"
},
{
"status": "affected",
"version": "1.2.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "sp1d3r (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In horilla bis 1.2.1 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. Dank der Manipulation mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T14:00:14.890Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-286858 | horilla create_skills deserialization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.286858"
},
{
"name": "VDB-286858 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.286858"
},
{
"name": "Submit #451515 | www.horilla.com horilla 1.2.1 Remote Code Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.451515"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Sp1d3rL1/horilla-RCE"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-12-04T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-12-04T09:53:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "horilla create_skills deserialization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-12138",
"datePublished": "2024-12-04T14:00:14.890Z",
"dateReserved": "2024-12-04T08:48:46.029Z",
"dateUpdated": "2024-12-04T14:22:19.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}