CNNVD-202601-3898 Information

CNNVD ID

CNNVD-202601-3898

Related CVE

CVE-2026-24034

• CNNVD Published: 2026-01-22

Description (Chinese)

Horilla是Horilla公司的一款免费的开源人力资源软件。 Horilla 1.5.0之前版本存在代码问题漏洞，该漏洞源于更新个人资料照片时未检查扩展名和内容类型，可能导致跨站脚本。

Description (English)

Horilla is a free open-source human resources software for Horilla. Prior to Horilla 1.5.0, there was a code problem loophole, which stemmed from the fact that no extension and type of content were checked when updating personal data photographs, which could result in a cross-site script.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Horilla

Published

2026-01-22

Last Modified

2026-02-24

References

https://github.com/horilla-opensource/horilla/releases/tag/1.5.0 https://github.com/horilla-opensource/horilla/security/advisories/GHSA-mvwg-7c8w-qw2p

Patch

https://github.com/horilla-opensource/horilla/releases