CNNVD-202509-3964 Information

CNNVD ID

CNNVD-202509-3964

Related CVE

CVE-2025-59832

• CNNVD Published: 2025-09-25

Description (Chinese)

Horilla是Horilla公司的一款免费的开源人力资源软件。 Horilla 1.4.0之前版本存在安全漏洞，该漏洞源于票证评论编辑器存在存储型跨站脚本，可能导致低权限用户执行任意JavaScript代码并劫持管理员会话。

Description (English)

Horilla is a free open-source human resources software for Horilla. Prior to Horilla 1.4.0, there was a security loophole, which stemmed from the existence of a stored cross-site script in the ticket review editor, which could lead to the execution of an arbitrary JavaScript code by low-authority users and the hijacking of the administrator ’ s session.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

Horilla

Published

2025-09-25

Last Modified

2026-02-24

References

https://github.com/Mmo-kali/CVE/blob/main/CVE-2025-59832/2025-08-Horilla_Vulnerability_1.pdf https://github.com/horilla-opensource/horilla/security/advisories/GHSA-8x78-6q9g-hv2h

Patch

https://github.com/horilla-opensource/horilla/releases