CVE-2025-47789

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-47789

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-47789.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-47789

Aliases

GHSA-cqp5-xx4j-r468

Published

2025-05-15T20:16:09Z

Modified

2025-05-17T14:14:30.415223Z

Summary

[none]

Details

Horilla is a free and open source Human Resource Management System (HRMS). In versions up to and including 1.3, an attacker can craft a Horilla URL that refers to an external domain. Upon clicking and logging in, the user is redirected to an external domain. This allows the redirection to any arbitrary site, including phishing or malicious domains, which can be used to impersonate Horilla and trick users. Commit 1c72404df6888bb23af73c767fdaee5e6679ebd6 fixes the issue.

References

Affected packages

Git / github.com/horilla-opensource/horilla

Affected ranges

Type: GIT
Repo: https://github.com/horilla-opensource/horilla
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1c72404df6888bb23af73c767fdaee5e6679ebd6

Affected versions

1.*

1.0.0

1.1.0

1.2.0

1.2.1

1.2.2

1.2.3

1.3