CNNVD-202509-3790 Information
CNNVD ID
CNNVD-202509-3790
Related CVE
- CNNVD Published: 2025-09-24
Description (Chinese)
Horilla是Horilla公司的一款免费的开源人力资源软件。 Horilla 1.4.0之前版本存在代码问题漏洞,该漏洞源于应用程序中清理不当,可能导致跨站脚本攻击,进而导致管理员账户接管。
Description (English)
Horilla is a free open-source human resources software for Horilla. Prior to Horilla 1.4.0, there was a code problem loophole, which stemmed from inappropriate clean-up in the application, which could lead to a cross-site script attack, leading to the taking over of the administrator ’ s account.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
HortusFox
Published
2025-09-24
Last Modified
2026-02-24
References
https://github.com/horilla-opensource/horilla/releases/tag/1.4.0 https://github.com/horilla-opensource/horilla/security/advisories/GHSA-rp5m-vpqr-vpvp https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59525/2025-08-Horilla_Vulnerability_2.pdf https://access.redhat.com/security/cve/cve-2025-59525
Patch
https://github.com/horilla-opensource/horilla/releases
Share on: