Vulnerabilities > Hrsale Project

DATE CVE VULNERABILITY TITLE RISK
2018-05-01 CVE-2018-10260 Improper Input Validation vulnerability in Hrsale Project Hrsale 1.0.2
A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.
network
low complexity
hrsale-project CWE-20
6.5
2018-05-01 CVE-2018-10259 Cross-site Scripting vulnerability in Hrsale Project Hrsale 1.0.2
An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.
3.5
2018-05-01 CVE-2018-10257 Improper Neutralization of Formula Elements in a CSV File vulnerability in Hrsale Project Hrsale 1.0.2
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
network
low complexity
hrsale-project CWE-1236
6.5
2018-05-01 CVE-2018-10256 SQL Injection vulnerability in Hrsale Project Hrsale 1.0.2
A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query.
network
low complexity
hrsale-project CWE-89
6.5