
horilla-opensource — Vulnerabilities & Security Advisories (19)

Browse all 19 CVE security advisories affecting horilla-opensource. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Horilla-opensource is an HR management platform designed for streamlining workforce operations and employee data handling. Historically, the project has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its 19 recorded CVEs. Security researchers have identified consistent weaknesses in access controls and input validation, with several critical RCE flaws allowing unauthorized system compromise. While no major public security incidents have been documented, the high concentration of CVEs suggests ongoing challenges in secure development practices, particularly in authentication mechanisms and data sanitization.

Top products by horilla-opensource: horilla
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40867 | Horilla: Unauthorized Helpdesk Attachment Access via Attachment ID Manipulation | horilla | CWE-284 | 6.5 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-40866 | Horilla: Unauthorized Document Overwrite via File Upload Endpoint | horilla | CWE-284 | 4.3 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-40865 | Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id>` | horilla | CWE-284 | 6.5 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-3050 | horilla-opensource horilla Leads global.js cross site scripting | horilla | CWE-79 | 3.5 | Low | 2026-02-24 |
| CVE-2026-3049 | horilla-opensource horilla Query Parameter global_search.py get redirect | horilla | CWE-601 | 4.3 | Medium | 2026-02-24 |
| CVE-2026-24039 | Horilla's Improper Access Control Allows Employees to Auto-Approve Documents | horilla | CWE-284 | 4.3 | Medium | 2026-01-22 |
| CVE-2026-24038 | Horilla HR has 2FA Bypass through its OTP Handling Logic | horilla | CWE-287 | 8.1 | High | 2026-01-22 |
| CVE-2026-24037 | Horilla HRM has XSS Bypass through Project Name | horilla | CWE-79 | 4.8 | Medium | 2026-01-22 |
| CVE-2026-24036 | Horilla Exposes Unpublished Job Disclosures through Unauthenticated API | horilla | CWE-284 | 5.3 | Medium | 2026-01-22 |
| CVE-2026-24035 | Horilla has Improper Access Control Issue that Allows Unauthorized Document Upload on Behalf of Another Employee | horilla | CWE-284 | 4.3 | Medium | 2026-01-22 |
| CVE-2026-24034 | Horilla has File Upload XSS | horilla | CWE-434 | 5.4 | Medium | 2026-01-22 |
| CVE-2026-24010 | Horilla has HTML Injection Issue that, with Phishing, Leads to Account Takeover | horilla | CWE-74 | 8.0 (AI) | High (AI) | 2026-01-22 |
| CVE-2025-59832 | Horilla Stored XSS Vulnerability via Ticket Comment section | horilla | CWE-79 | 9.9 | Critical | 2025-09-25 |
| CVE-2025-59525 | Horilla has Improper Input Sanitization Leading to XSS and Admin Account Takeover | horilla | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-09-24 |
| CVE-2025-59524 | Horilla Stored XSS Vulnerability via File Upload in Reimbursement Panel | horilla | CWE-79 | 8.8 (AI) | High (AI) | 2025-09-24 |
| CVE-2025-48867 | Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules | horilla | CWE-79 | 4.8 | Medium | 2025-09-24 |
| CVE-2025-48869 | Horilla Unauthorized Access to Candidate Resume Files Due to Broken Access Control | horilla | CWE-284 | 7.5 | High | 2025-09-24 |
| CVE-2025-48868 | Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive | horilla | CWE-95 | 7.2 | High | 2025-09-24 |
| CVE-2025-47789 | Horilla Open Redirect Vulnerability in Login | horilla | CWE-601 | 6.1 | Medium | 2025-05-15 |

A CVSS score or severity marked (AI) was generated by the site's AI analysis rather than taken from the published advisory.

This page lists every published CVE security advisory associated with horilla-opensource. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.