Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Horilla has File Upload XSS
Vulnerability Description
Horilla is a free and open source Human Resource Management System (HRMS). In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Horilla 代码问题漏洞
Vulnerability Description
Horilla是Horilla公司的一款免费的开源人力资源软件。 Horilla 1.5.0之前版本存在代码问题漏洞,该漏洞源于更新个人资料照片时未检查扩展名和内容类型,可能导致跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A