hrsale CVE Vulnerabilities & CVE List (3)

Products (CPE): — CVEs: 3

hrsale vulnerability overview

Aggregates CVE and security vulnerability intelligence across all hrsale-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk cross-site scripting, vendor risk csrf, and vendor risk path handling and related problems; some flaws may lead to vendor impact file overwrite and vendor impact session compromise.

Vulnerability distribution trend (last 24 months)

Showing 13 of 3 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2020-37145 HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user accounts with elevated privileges. [email protected] 5.1 0.16% 2026-02-05 2026-06-16
CVE-2020-29053 HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter. [email protected] 6.1 0.69% 2020-11-24 2026-06-16
CVE-2020-27993 Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files. [email protected] 5.3 2.46% 2020-10-29 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence