HRSALE
Products
1-7 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10260 | | Hig | 0.61 | 8.8 | 0.06 | | May 1, 2018 | A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user. |
| CVE-2018-10257 | | Hig | 0.61 | 8.8 | 0.04 | | May 1, 2018 | A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. |
| CVE-2018-10256 | | Hig | 0.60 | 8.8 | 0.03 | | May 1, 2018 | A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query. |
| CVE-2020-29053 | | Med | 0.40 | 6.1 | 0.01 | | Nov 24, 2020 | HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter. |
| CVE-2018-10259 | | Med | 0.38 | 5.4 | 0.02 | | May 1, 2018 | An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user. |
| CVE-2020-27993 | | Med | 0.35 | 5.3 | 0.02 | | Oct 29, 2020 | Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files. |
| CVE-2020-37145 | | Med | 0.28 | 4.3 | 0.00 | | Feb 5, 2026 | HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into… |