CVE-2026-3050

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-3050

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3050.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-3050

Published

2026-02-24T01:16:16.307Z

Modified

2026-03-14T12:48:44.895035Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A flaw has been found in horilla-opensource horilla up to 1.0.2. Impacted is an unknown function of the file static/assets/js/global.js of the component Leads Module. This manipulation of the argument Notes causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to version 1.0.3 is recommended to address this issue. Patch name: fc5c8e55988e89273012491b5f097b762b474546. It is suggested to upgrade the affected component.

References

Affected packages

Git / github.com/horilla-opensource/horilla-crm

Affected ranges

Type: GIT
Repo: https://github.com/horilla-opensource/horilla-crm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fc5c8e55988e89273012491b5f097b762b474546

Type: GIT
Repo: https://github.com/horilla-opensource/horilla-crm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

329c3b041583dde4fcec6c159d7775a574c1356d

Affected versions

1.*

1.0.0

1.0.1

1.0.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3050.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.0.3"
            }
        ]
    }
]