Vulnerability Details CVE-2026-24034
Horilla is a free and open source Human Resource Management System (HRMS). In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.9%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2026-24034
-
cpe:2.3:a:horilla:horilla:1.0.0
-
cpe:2.3:a:horilla:horilla:1.1.0
-
cpe:2.3:a:horilla:horilla:1.2.0
-
cpe:2.3:a:horilla:horilla:1.2.1
-
cpe:2.3:a:horilla:horilla:1.2.2
-
cpe:2.3:a:horilla:horilla:1.2.3
-
cpe:2.3:a:horilla:horilla:1.3
-
cpe:2.3:a:horilla:horilla:1.3.1
-
cpe:2.3:a:horilla:horilla:1.3.2
-
cpe:2.3:a:horilla:horilla:1.4.0