NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-41513

Summary	Horilla is an HR and CRM software. In 1.5.0, the notification endpoints trust the unvalidated next parameter and redirect users to arbitrary external URLs. This allows an attacker to turn trusted application links into phishing or social-engineering redirects.
Publication Date	May 13, 2026, 3:17 a.m.
Registration Date	May 13, 2026, 4:15 a.m.
Last Update	May 13, 2026, 3:17 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/horilla/horilla-hr/commit/734f0c7ed4ac96fe8615d1b592180ea8a46eb8b6	security-advisories@github.com
2	https://github.com/horilla/horilla-hr/security/advisories/GHSA-vqg4-fc32-cwvw	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-601	オープンリダイレクト	https://cwe.mitre.org/data/definitions/601.html