Lucene search

Hrsale Security Vulnerabilities

cve

CVE-2020-29053

HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date...

6.1CVSS

5.9AI Score

0.001EPSS

2020-11-24 08:15 PM

cve

CVE-2020-27993

Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary...

5.3CVSS

5.3AI Score

0.078EPSS

2020-10-29 04:15 PM

cve

CVE-2018-10256

A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL...

8.8CVSS

8.9AI Score

0.001EPSS

2018-05-01 07:29 PM

cve

CVE-2018-10257

A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code...

8.8CVSS

8.9AI Score

0.001EPSS

2018-05-01 07:29 PM

cve

CVE-2018-10259

An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged...

5.4CVSS

5.1AI Score

0.001EPSS

2018-05-01 07:29 PM

cve

CVE-2018-10260

A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged...

8.8CVSS

8.5AI Score

0.006EPSS

2018-05-01 07:29 PM