PT-2025-39309 · Unknown · Horilla Hrm

Naklehzeidan21 · Published 2025-09-24 · Updated 2025-09-24 · CVE-2025-48867

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Horilla HRM version 1.3.0
Description: Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) issue in Horilla HRM version 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields within the Project and Task modules. These payloads are stored in the database and executed when viewed by an admin or other privileged users through the web interface. The issue is not exploitable by unauthenticated users, but it poses a risk of session hijacking and unauthorized actions within high-privilege accounts.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
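The following is an added illustration of the stored-XSS pattern the description refers to; it is not Horilla's code and does not touch any Horilla endpoint. Horilla is a Django application, so the example is in Python, but it uses only the standard library. `render_task_unsafe` stands in for whatever bypasses template autoescaping in the vulnerable build (in Django that would be `|safe`, `mark_safe()` or `{% autoescape off %}`; the advisory does not say which applies to Horilla). `render_task_safe` shows the fix, which is escaping every stored field at output time, and `find_active_content` is a small parser-based check that tells the two renderings apart. The payload, the record and the field names `title` and `description` are constructed for the example.

```python
import html
from html.parser import HTMLParser

# Constructed payload of the kind the advisory describes; it is not taken from the
# report and is not a working exploit against any particular Horilla endpoint.
XSS_PAYLOAD = '<img src=x onerror="alert(document.cookie)">'

# Constructed record standing in for a stored Project/Task row (hypothetical field names).
STORED_TASK = {"title": "Quarterly review", "description": XSS_PAYLOAD}


def render_task_unsafe(task):
    """Hypothetical vulnerable rendering: stored fields are interpolated into HTML
    verbatim, so a payload saved by one privileged user executes in the browser of
    every user who later views the task."""
    return (
        "<div class='task'>"
        f"<h2>{task['title']}</h2>"
        f"<p>{task['description']}</p>"
        "</div>"
    )


def render_task_safe(task):
    """Hardened rendering: every stored value is HTML-escaped at output time, which is
    what a template engine's autoescaping does unless it is explicitly disabled."""
    return (
        "<div class='task'>"
        f"<h2>{html.escape(task['title'], quote=True)}</h2>"
        f"<p>{html.escape(task['description'], quote=True)}</p>"
        "</div>"
    )


class ActiveContentFinder(HTMLParser):
    """Walks rendered HTML and records script-bearing elements and on* event handlers.
    An escaped payload reaches the parser as text, not as a tag, so it yields no finding."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe", "object", "embed"):
            self.findings.append(f"<{tag}>")
        for name, _value in attrs:
            if name.lower().startswith("on"):
                self.findings.append(f"<{tag} {name}>")


def find_active_content(rendered_html):
    """Return the list of active-content findings in a rendered page (empty when clean)."""
    finder = ActiveContentFinder()
    finder.feed(rendered_html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for label, render in (("unsafe", render_task_unsafe), ("safe", render_task_safe)):
        page = render(STORED_TASK)
        print(f"{label}: {find_active_content(page) or 'no active content'}")
```

Because the vector is PR:H with UI:R, the attacker is already a privileged user and the victim is another privileged user viewing the record, so restricting who can write the fields does not close the issue; the effective fix is output encoding of every stored field on the viewing pages, with a Content-Security-Policy as defence in depth.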

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-48867
GHSA-W242-XV47-J55R

Affected Products

Horilla Hrm