Horilla
Broken access control in Horilla HRMS 1.5.0 helpdesk module allows any authenticated employee to view support ticket attachments belonging to other users by manipulating attachment IDs in URLs. This exposes confidential HR documents, employee grievances, and internal communications across organizational boundaries. The vulnerability requires only basic authentication (CVSS PR:L) with no technical complexity (AC:L), making it trivially exploitable by malicious insiders. EPSS data not available, not currently listed in CISA KEV, but the authentication bypass tag indicates a fundamental access control failure in a system designed to handle sensitive employee data.
Authenticated users in Horilla HRMS 1.5.0 can overwrite or corrupt any employee's documents via insecure direct object reference (IDOR) in the document upload endpoint. By manipulating the document ID parameter in upload requests, attackers with low-level access can modify HR records belonging to other employees, including executives or administrators. This enables unauthorized tampering with sensitive personnel files such as contracts, certifications, or compliance documents. EPSS data not available; no confirmed active exploitation (not in CISA KEV), though exploitation requires only basic authentication and no technical complexity (CVSS AV:N/AC:L/PR:L).
Insecure direct object reference in Horilla HRMS 1.5.0 employee document viewer allows authenticated users to access other employees' sensitive HR files by manipulating document IDs in API requests. Successful exploitation exposes identity documents, employment contracts, certificates, and other confidential employee records. No public exploit code identified at time of analysis, with EPSS data unavailable for this 2026 CVE.
A flaw has been found in horilla-opensource horilla up to 1.0.2. An unknown function in the file static/assets/js/global.js of the Leads Module component is affected. [CVSS 3.5 LOW]
Horilla HRMS 1.4.0 contains insufficient server-side authorization checks that permit low-privileged employees to self-approve documents they have submitted, bypassing intended administrative-only controls. Public exploit code exists for this vulnerability, enabling standard users to alter HR application state and potentially submit unvetted credentials or certifications. The integrity of HR document workflows is compromised as employees can modify approval statuses reserved for administrators.
Horilla HRMS versions prior to 1.5.0 allow authenticated attackers to bypass two-factor authentication due to improper OTP validation that treats missing OTP fields as valid when the OTP has expired. Public exploit code exists for this vulnerability, enabling attackers with user credentials to gain unauthorized access to accounts, particularly administrative accounts with access to sensitive HR data and employee records. An attacker exploiting this flaw could manipulate employee information and compromise system-wide operations.
Horilla HRMS version 1.4.0 contains insufficient input validation in its XSS prevention function, allowing attackers to bypass protections through context-agnostic regex patterns. Public exploit code exists for this vulnerability, enabling attackers to redirect users to malicious sites, execute arbitrary JavaScript, and steal CSRF tokens for use in admin-targeted attacks. The vulnerability affects Horilla 1.4.0 and has been patched in version 1.5.0.
Horilla HRMS versions 1.4.0 and above allow unauthenticated access to unpublished job postings through the /recruitment/recruitment-details/ endpoint, exposing draft job titles, descriptions, and application workflows. An attacker can leverage public exploit code to view sensitive internal hiring information and access recruitment processes for unpublished positions. The vulnerability affects all users with network access to affected Horilla instances and has been patched in version 1.5.0.
Horilla is a free and open source Human Resource Management System (HRMS). [CVSS 4.3 MEDIUM]
Horilla versions up to 1.5.0 are affected by unrestricted upload of files with a dangerous type (CVSS 5.4).
Horilla versions up to 1.5.0 contain a vulnerability that allows attackers to deploy phishing attacks (CVSS 8.0).
Horilla is a free and open source Human Resource Management System (HRMS). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
Horilla is a free and open source Human Resource Management System (HRMS). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable without authentication and with low attack complexity. Public exploit code is available and no vendor patch is available.
Horilla is a free and open source Human Resource Management System (HRMS). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable without authentication and with low attack complexity. Public exploit code is available and no vendor patch is available.
Horilla is a free and open source Human Resource Management System (HRMS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable without authentication and with low attack complexity. Public exploit code is available and no vendor patch is available.
Horilla is a free and open source Human Resource Management System (HRMS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.
Horilla is a free and open source Human Resource Management System (HRMS). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available.
Horilla is a free and open source Human Resource Management System (HRMS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable without authentication and with low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.