VYPR

hrms

by pbrong

Source repositories

CVEs (4)

  • CVE-2025-1815HigMar 2, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability, which was classified as critical, was found in pbrong hrms up to 1.0.1. This affects the function HrmsDB of the file \resource\resource.go. The manipulation of the argument user_cookie leads to improper authorization. It is possible to initiate the attack…

  • CVE-2018-12653MedMar 25, 2019
    risk 0.43cvss 6.1epss 0.03

    A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious JavaScript code in /RPT/SSRSDynamicEditReports.aspx via 'ReportId' parameter.

  • CVE-2018-12650MedOct 24, 2018
    risk 0.43cvss 6.1epss 0.03

    Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'.

  • CVE-2026-1161LowJan 19, 2026
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was detected in pbrong hrms 1.0.1. The affected element is the function UpdateRecruitmentById of the file /handler/recruitment.go. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.