Aggregates CVE and security vulnerability intelligence across all hrsale_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection, vendor risk cross-site scripting, and vendor risk input validation and related problems; some flaws may lead to vendor impact unexpected behavior.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-10260 | A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user. | [email protected] | 8.8 | 2.02% | 2018-05-01 | 2024-11-21 |
| CVE-2018-10259 | An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user. | [email protected] | 5.4 | 0.19% | 2018-05-01 | 2024-11-21 |
| CVE-2018-10257 | A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | [email protected] | 8.8 | 0.78% | 2018-05-01 | 2024-11-21 |
| CVE-2018-10256 | A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query. | [email protected] | 8.8 | 0.24% | 2018-05-01 | 2024-11-21 |