CVE-2026-24034
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-29
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| horilla | horilla | all versions before 1.5.0 (1.5.0 itself not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a cross-site scripting (XSS) issue in Horilla HRMS before version 1.5.0, classified as CWE-434 (upload of a dangerous file type). The profile-photo update feature did not validate the extension or the content type of the uploaded file, so an authenticated user could store a non-image file, such as an HTML document containing JavaScript, where a photo was expected. When another user's browser loads that file from the application, the script runs in the victim's browser in the context of the Horilla site. [1]
How can this vulnerability impact me?
An attacker can run arbitrary script in a victim's browser in the context of the application, which can expose session cookies and other data the victim can see, compromising confidentiality. The impact is rated as limited data exposure and limited data modification, with no effect on availability. The attack is remote and of low complexity, needs only low privileges (an account able to change its profile photo), and is rated as requiring no user interaction. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Exploitation attempts show up as uploads to the profile-photo update endpoint whose file is not an image: a filename ending in .html (or similar) or a multipart part declared as text/html instead of an image/* type. If the traffic to Horilla is plaintext HTTP on port 80, it can be inspected on the wire; the filter below keeps only TCP segments that carry payload, and the grep flags HTML content types in the multipart body:

```shell
tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -i 'Content-Type: text/html'
```

A second grep over the same capture for filenames in the form-data headers, for example grep -iE 'filename="[^"]*\.html?"', catches uploads that declare an image content type but keep an HTML extension. Wireshark with an http.request.method == "POST" filter shows the same data. Note that a packet capture sees nothing inside TLS; for HTTPS deployments, inspect at the reverse proxy or in the application's own request logging instead. Separately, review the server's logs for profile-photo upload requests with unusual extensions, and run the file utility over the directory where your deployment stores profile photos to find files already on disk whose content is HTML rather than an image. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to upgrade Horilla to version 1.5.0 or later, where the profile-photo upload validates the file extension and content type. Until the upgrade is possible, add strict server-side validation in front of the upload: allow only an explicit list of image extensions and content types, reject .html and other non-image types, and, as a further check beyond what the fix itself does, verify the file's leading bytes match the declared image format, since a client controls both the filename and the Content-Type header. Serving uploaded files with an X-Content-Type-Options: nosniff header, and from a path or origin that does not share the application's session cookies, limits what a stored file can do if validation is bypassed. A web application firewall rule that blocks non-image uploads to the profile-photo endpoint, plus monitoring for exploitation activity, adds a second layer. Upgrading does not remove files that were uploaded before the fix, so audit existing profile photos for non-image content as well. [1]
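The following is an added example, not code from Horilla or from the advisory, that serves both the detection question (scanning a captured multipart upload body for non-image profile photos) and the mitigation (the server-side checks a hardened upload handler should make). The field name profile_photo, the boundary string and the three sample files are constructed for the example; the image signatures are the standard PNG, JPEG, GIF and WebP magic bytes.

```python
"""
Added example (not Horilla's code): validate a profile-photo upload by
extension, declared Content-Type and file signature, and run the check
over a constructed multipart/form-data request body.
"""
import os

# Allowlists: anything not listed here is rejected, so .html never gets through.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".webp"}
ALLOWED_CONTENT_TYPES = {"image/png", "image/jpeg", "image/gif", "image/webp"}


def sniff_image_type(data):
    """Return the MIME type implied by the file's leading bytes, or None."""
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "image/png"
    if data.startswith(b"\xff\xd8\xff"):
        return "image/jpeg"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "image/gif"
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "image/webp"
    return None


def check_upload(filename, content_type, data):
    """Return the reasons to reject an upload; an empty list means accept."""
    reasons = []
    ext = os.path.splitext(os.path.basename(filename or ""))[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        reasons.append("extension %r not allowed" % ext)
    declared = (content_type or "").split(";")[0].strip().lower()
    if declared not in ALLOWED_CONTENT_TYPES:
        reasons.append("declared content-type %r not allowed" % declared)
    # The client controls filename and Content-Type; the bytes themselves do not lie.
    sniffed = sniff_image_type(data)
    if sniffed is None:
        reasons.append("content has no recognised image signature")
    elif declared in ALLOWED_CONTENT_TYPES and sniffed != declared:
        reasons.append("declared %s but content is %s" % (declared, sniffed))
    return reasons


def parse_multipart(body, boundary):
    """Minimal multipart/form-data parser for this example. Yields
    (field name, filename, content-type, data). It does not handle nested
    multipart or delimiter-like bytes inside a file; use the framework's
    parser in production."""
    delimiter = b"--" + boundary.encode()
    for chunk in body.split(delimiter)[1:]:       # [0] is the preamble
        if chunk.startswith(b"--"):               # closing delimiter: --boundary--
            break
        head, _, data = chunk.partition(b"\r\n\r\n")
        if data.endswith(b"\r\n"):                # CRLF belongs to the next delimiter
            data = data[:-2]
        headers = {}
        for line in head.split(b"\r\n"):
            if b":" in line:
                name, value = line.decode("latin-1").split(":", 1)
                headers[name.strip().lower()] = value.strip()
        params = {}
        for item in headers.get("content-disposition", "").split(";")[1:]:
            key, _, val = item.strip().partition("=")
            params[key.lower()] = val.strip('"')
        yield params.get("name"), params.get("filename"), headers.get("content-type"), data


def scan_request(body, boundary, field="profile_photo"):
    """Map each file uploaded in the target field to its rejection reasons."""
    results = {}
    for name, filename, ctype, data in parse_multipart(body, boundary):
        if name == field and filename is not None:
            results[filename] = check_upload(filename, ctype, data)
    return results


# --- constructed sample request: one real-looking PNG and two malicious uploads ---
BOUNDARY = "----ExampleBoundary7MA4YWxk"                 # constructed
PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 24          # PNG signature plus padding
HTML_PAYLOAD = b"<html><script>alert(document.cookie)</script></html>"


def _part(field, filename, ctype, data):
    head = ('--%s\r\nContent-Disposition: form-data; name="%s"; filename="%s"\r\n'
            "Content-Type: %s\r\n\r\n" % (BOUNDARY, field, filename, ctype))
    return head.encode() + data + b"\r\n"


SAMPLE_BODY = (
    _part("profile_photo", "avatar.png", "image/png", PNG_STUB)          # legitimate
    + _part("profile_photo", "payload.html", "text/html", HTML_PAYLOAD)  # the CVE case
    + _part("profile_photo", "disguised.png", "image/png", HTML_PAYLOAD) # lies in both headers
    + b"--" + BOUNDARY.encode() + b"--\r\n"
)

if __name__ == "__main__":
    for fname, reasons in scan_request(SAMPLE_BODY, BOUNDARY).items():
        print(fname, "ACCEPT" if not reasons else "REJECT: " + "; ".join(reasons))
```

The third sample is why the signature check matters: it passes an extension-and-content-type check of the kind the fix adds, and only the leading bytes reveal it is HTML. SVG is deliberately absent from the allowlists because an SVG can carry script. The same check_upload routine can be run over files already on disk (filename, the stored content type if any, and the first bytes) to audit uploads made before the upgrade.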