Security Advisory

CVE-2020-37145

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-05 16:13:41

Last updated 2026-03-05 01:28:13

Assigner VulnCheck

State PUBLISHED

Description

HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticated administrators into creating new user accounts with elevated privileges.

← Browse all CVEs View on cve.org ↗