CNNVD-202509-3799 Information

Sep 24, 2025 cve

CNNVD ID

CNNVD-202509-3799

CVE-2025-59524

  • CNNVD Published: 2025-09-24

Description (Chinese)

Horilla是Horilla公司的一款免费的开源人力资源软件。 Horilla 1.4.0之前版本存在代码问题漏洞,该漏洞源于文件上传流程仅执行浏览器端验证而未实施服务器端检查,可能导致存储型跨站脚本攻击和凭据窃取。

Description (English)

Horilla is a free open-source human resources software for Horilla. Prior to Horilla 1.4.0, there was a code problem loophole, which stemmed from the fact that the document upload process only performed browser-end verification and did not perform server-end checks, which could lead to storage-type cross-site script attacks and document theft.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

HortusFox

Published

2025-09-24

Last Modified

2026-02-24

References

https://github.com/horilla-opensource/horilla/security/advisories/GHSA-mff9-p8j9-9v5q https://github.com/horilla-opensource/horilla/releases/tag/1.4.0 https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59524/2025-08-Horilla_Vulnerability_3.pdf https://access.redhat.com/security/cve/cve-2025-59524

Patch

https://github.com/horilla-opensource/horilla/releases

Share on: