Search criteria
2 vulnerabilities by CoreHR
CVE-2019-25064 (GCVE-0-2019-25064)
Vulnerability from cvelistv5 – Published: 2022-06-09 13:10 – Updated: 2025-04-15 14:31
VLAI
Title
CoreHR Core Portal cross-site request forgery
Summary
A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component.
Severity
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://vuldb.com/?id.146832 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CoreHR | Core Portal |
Affected:
27.0.0
Affected: 27.0.1 Affected: 27.0.2 Affected: 27.0.3 Affected: 27.0.4 Affected: 27.0.5 Affected: 27.0.6 Affected: 27.0.7 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:18.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.146832"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25064",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:13:43.251464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:31:38.145Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Core Portal",
"vendor": "CoreHR",
"versions": [
{
"status": "affected",
"version": "27.0.0"
},
{
"status": "affected",
"version": "27.0.1"
},
{
"status": "affected",
"version": "27.0.2"
},
{
"status": "affected",
"version": "27.0.3"
},
{
"status": "affected",
"version": "27.0.4"
},
{
"status": "affected",
"version": "27.0.5"
},
{
"status": "affected",
"version": "27.0.6"
},
{
"status": "affected",
"version": "27.0.7"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alessandro Magnosi"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T13:10:24.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.146832"
}
],
"title": "CoreHR Core Portal cross-site request forgery",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2019-25064",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "CoreHR Core Portal cross-site request forgery"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Core Portal",
"version": {
"version_data": [
{
"version_value": "27.0.0"
},
{
"version_value": "27.0.1"
},
{
"version_value": "27.0.2"
},
{
"version_value": "27.0.3"
},
{
"version_value": "27.0.4"
},
{
"version_value": "27.0.5"
},
{
"version_value": "27.0.6"
},
{
"version_value": "27.0.7"
}
]
}
}
]
},
"vendor_name": "CoreHR"
}
]
}
},
"credit": "Alessandro Magnosi",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vuldb.com/?id.146832",
"refsource": "MISC",
"url": "https://vuldb.com/?id.146832"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2019-25064",
"datePublished": "2022-06-09T13:10:24.000Z",
"dateReserved": "2022-06-04T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:31:38.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18221 (GCVE-0-2019-18221)
Vulnerability from cvelistv5 – Published: 2019-10-25 21:12 – Updated: 2024-08-05 01:47
VLAI
Summary
CoreHR Core Portal before 27.0.7 allows stored XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.corehr.com | x_refsource_MISC |
| https://vuldb.com/?id.144170 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:14.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.corehr.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.144170"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CoreHR Core Portal before 27.0.7 allows stored XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-25T21:12:18.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.corehr.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.144170"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CoreHR Core Portal before 27.0.7 allows stored XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.corehr.com",
"refsource": "MISC",
"url": "https://www.corehr.com"
},
{
"name": "https://vuldb.com/?id.144170",
"refsource": "MISC",
"url": "https://vuldb.com/?id.144170"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18221",
"datePublished": "2019-10-25T21:12:18.000Z",
"dateReserved": "2019-10-21T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:47:14.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}