CVE-2025-59832

Name of the Vulnerable Software and Affected Versions Horilla versions prior to 1.4.0

Description Horilla is a Human Resource Management System (HRMS). A stored cross-site scripting (XSS) issue exists in the ticket comment editor for versions prior to 1.4.0. An authenticated user with limited privileges can execute arbitrary JavaScript code in an administrator’s browser. This could allow for the theft of cookies and CSRF tokens, potentially leading to session hijacking. The issue affects the ticket comment editor functionality.

Recommendations Update to version 1.4.0 or later.