CVE-2026-24037

{"id": "CVE-2026-24037", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-24037", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-22T12:35:41.669918Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "affected": [{"source": "security-advisories@github.com", "affectedData": [{"vendor": "horilla-opensource", "product": "horilla", "versions": [{"status": "affected", "version": ">= 1.4.0, < 1.5.0"}]}]}], "published": "2026-01-22T04:15:59.743", "references": [{"url": "https://github.com/horilla-opensource/horilla/releases/tag/1.5.0", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/horilla-opensource/horilla/security/advisories/GHSA-rqw5-fjm4-rgvm", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the has_xss() function attempts to block XSS by matching input against a set of regex patterns. However, the regexes are incomplete and context-agnostic, making them easy to bypass. Attackers are able to redirect users to malicious domains, run external JavaScript, and steal CSRF tokens that can be used to craft CSRF attacks against admins. This issue has been fixed in version 1.5.0."}, {"lang": "es", "value": "Horilla es un Sistema de Gesti\u00f3n de Recursos Humanos (HRMS) gratuito y de c\u00f3digo abierto. En la versi\u00f3n 1.4.0, la funci\u00f3n has_xss() intenta bloquear XSS comparando la entrada con un conjunto de patrones de expresiones regulares. Sin embargo, las expresiones regulares son incompletas y agn\u00f3sticas al contexto, lo que las hace f\u00e1ciles de eludir. Los atacantes pueden redirigir a los usuarios a dominios maliciosos, ejecutar JavaScript externo y robar tokens CSRF que pueden usarse para elaborar ataques CSRF contra administradores. Este problema ha sido solucionado en la versi\u00f3n 1.5.0."}], "lastModified": "2026-06-17T10:22:30.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:horilla:horilla:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55143854-C369-4CAA-B671-90EFC9170F64"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}