VYPR

Horilla Hr

by Horilla Opensource

CVEs (2)

  • CVE-2026-41513 | Med | May 12, 2026
    risk 0.24 | cvss | epss 0.00

    Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects.

  • CVE-2025-48867 | Sep 24, 2025
    risk 0.00 | cvss | epss 0.00

    Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task…