MidnightBSD

Advisories for hrsale

CVE-2020-27993 MEDIUM

Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
hrsale hrsale 2.0.0
CVE-2020-29053 MEDIUM

HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
hrsale hrsale 2.0.0