VYPR

HRSALE

by HRSALE

CVEs (7)

  • CVE-2018-10260 · High · May 1, 2018
    risk 0.61 · cvss 8.8 · epss 0.06

    A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.

  • CVE-2018-10257 · High · May 1, 2018
    risk 0.61 · cvss 8.8 · epss 0.04

    A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.

  • CVE-2018-10256 · High · May 1, 2018
    risk 0.60 · cvss 8.8 · epss 0.03

    A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query.

  • CVE-2020-29053 · Medium · Nov 24, 2020
    risk 0.40 · cvss 6.1 · epss 0.01

    HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.

  • CVE-2018-10259 · Medium · May 1, 2018
    risk 0.38 · cvss 5.4 · epss 0.02

    An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.

  • CVE-2020-27993 · Medium · Oct 29, 2020
    risk 0.35 · cvss 5.3 · epss 0.02

    Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files.

  • CVE-2020-37145 · Medium · Feb 5, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into…