CVE-2026-24034

Medium CVSS: 5.4

Horilla is a free and open source Human Resource Management System (HRMS). In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue.

Vendor

Horilla

Product

Horilla

CWE

CWE-434

Yayın Tarihi

2026-01-22 04:15:59

Güncelleme

2026-01-29 19:03:50

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-434 Horilla MEDIUM Horilla 2026

Referanslar

https://github.com/horilla-opensource/horilla/releases/tag/1.5.0 https://github.com/horilla-opensource/horilla/security/advisories/GHSA-mvwg-7c8w-qw2p

Benzer Kayıtlar

Medium

CVE-2026-3049

A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file…

Medium

CVE-2026-3050

A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/asse…

Medium

CVE-2026-24039

Horilla is a free and open source Human Resource Management System (HRMS). Version 1.4.0 has Improper Access Control, al…

Medium

CVE-2026-24035

Horilla is a free and open source Human Resource Management System (HRMS). An Improper Access Control vulnerability exis…

Medium

CVE-2026-24036

Horilla is a free and open source Human Resource Management System (HRMS). Versions 1.4.0 and above expose unpublished j…

Medium

CVE-2026-24037

Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the has_xss() function atte…