HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user accounts with elevated privileges.
References
Configurations
No configuration.
History
15 Apr 2026, 00:35
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
05 Feb 2026, 17:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-02-05 17:16
Updated : 2026-06-17 03:17
NVD link : CVE-2020-37145
Mitre link : CVE-2020-37145
CVE.ORG link : CVE-2020-37145
JSON object : View
Products Affected
No product.
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
