Saharshtapi

Name of the Vulnerable Software and Affected Versions: Horilla versions prior to 1.3 Description: Horilla is a free and open source Human Resource Management System (HRMS). In affected versions, an attacker can manipulate a Horilla URL to refer to an external domain. Upon clicking and logging in, the user is redirected to this external domain, allowing redirection to any arbitrary site, including phishing or malicious domains. This can be used to impersonate Horilla and trick users. Recommendations: For versions prior to 1.3, update to a version that includes the fix commit 1c72404df6888bb23af73c767fdaee5e6679ebd6 to resolve the issue. As a temporary workaround, consider restricting access to external domains from within Horilla to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** titra versions prior to 0.77.0 **Description** The issue is related to Cross-site Scripting (XSS) - Stored, which affects the GitHub repository kromitgmbh/titra. **Recommendations** For versions prior to 0.77.0, update to version 0.77.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** titra versions prior to 0.77.0 **Description** The issue concerns improper neutralization of formula elements in a CSV file. This problem affects the GitHub repository kromitgmbh/titra. **Recommendations** For versions prior to 0.77.0, update to version 0.77.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** titra versions prior to 0.77.0 **Description** The issue is related to Cross-site Scripting (XSS) - Generic. This is a type of security vulnerability that occurs when an application includes user input in its output without proper validation, allowing an attacker to inject malicious scripts into the application. **Recommendations** For versions prior to 0.77.0, update to version 0.77.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** titra versions prior to 0.77.0 **Description** The issue is related to Cross-site Scripting (XSS) - DOM, which occurs when an application includes user input in its output without proper validation or escaping, allowing an attacker to inject malicious scripts. This can lead to unauthorized actions on behalf of the user, such as stealing session cookies or performing actions as the user. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 0.77.0, update to version 0.77.0 or later to resolve the issue. As a temporary workaround, consider restricting user input in the application to minimize the risk of exploitation. Avoid using potentially vulnerable API endpoints until the issue is resolved.