exploitDog

CVE-2026-24034

Опубликовано: 22 янв. 2026

Источник: nvd

CVSS3: 5.4

CVSS3: 5.4

EPSS Низкий

Описание

Horilla is a free and open source Human Resource Management System (HRMS). In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue.

Ссылки

https://github.com/horilla-opensource/horilla/releases/tag/1.5.0
Release Notes
https://github.com/horilla-opensource/horilla/security/advisories/GHSA-mvwg-7c8w-qw2p
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:horilla:horilla:*:*:*:*:*:*:*:*

Версия до 1.5.0 (исключая)

EPSS

Процентиль: 1%

0.0001

Низкий

5.4 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-434

EPSS

Процентиль: 1%

0.0001

Низкий

5.4 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-434