CVE-2026-24034

CVSS v3.1

5.4

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Horilla versions prior to 1.5.0

Description Horilla is a Human Resource Management System (HRMS). Versions prior to 1.5.0 are susceptible to a cross-site scripting issue. This occurs because the extension and content-type are not validated during the profile photo update process.

Recommendations Update to version 1.5.0 or later.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2026-24034

GHSA-MVWG-7C8W-QW2P

Affected Products

Horilla

CVE-2026-24034

Weakness Enumeration

Related Identifiers

Affected Products

References · 9