Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A low-privilege authenticated user could run arbitrary JavaScript in an admin’s browser, exfiltrate the admin’s cookies/CSRF token, and hijack their session. This issue has been patched in version 1.4.0.
An attacker logged in as a regular user injects malicious JavaScript code into the comment field in the ticket module. The injected payload is permanently stored in the database and rendered without proper sanitization each time the comment is displayed to other users. When an administrator opens a view containing the infected comment, the script executes in their browser context, allowing for theft of session cookies and CSRF token.
An attacker can steal the administrator's session (cookies, CSRF token) and fully take over their account, gaining unauthorized access to all HRMS system functions with admin privileges.
Update Horilla HRMS to version 1.4.0, where the vulnerability was patched by the vendor.
Horilla HRMS in versions before 1.4.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:LHorilla
APPHorilla< 1.4.0
Related vulnerabilities
Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the OTP handling ...
Horilla is a free and open source Human Resource Management System (HRMS). A critical File Upload vulnerabilit...
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, improper sa...
Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access up...
Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execut...