PT-2026-21612 · Unknown · Horilla-Opensource Horilla
Alexperrakis
·
Published
2026-02-24
·
Updated
2026-02-24
·
CVE-2026-3050
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
horilla-opensource horilla versions up to 1.0.2
Description
A security issue exists in horilla-opensource horilla, specifically within the Leads Module. The manipulation of the
Notes argument in an unknown function of the file static/assets/js/global.js can lead to cross-site scripting (XSS). This attack can be carried out remotely. The exploit has been published.Recommendations
Upgrade to version 1.0.3 to address this issue.
Exploit
Fix
XSS
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Horilla-Opensource Horilla