Lemeconsultoria HCM Galera.app HTML Injection Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability allowing HTML injection has been identified in Lemeconsultoria HCM Galera.app version 4.58.0. This vulnerability enables an attacker to execute arbitrary code by exploiting various components within the application, including training request solicitations, strategic perspective edits, and several other administrative and educational listings and registrations.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the server or client side, depending on the nature of the injected code and the application's handling of such inputs.

Reproduction

To reproduce this vulnerability, navigate to one of the affected components listed in the description. Inject HTML code into the input fields or request parameters. The injected code will be executed, demonstrating the HTML injection flaw.
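
The defence against the behaviour reproduced above is output encoding at render time. The following is an added example, not Galera.app code: the record fields `title` and `justification` and the table-row template are assumptions. It puts an unencoded renderer beside an encoded one, with a regression check that flags field content reaching the page as markup.

```javascript
// Added example, not Galera.app code. Field names and row layout are assumptions.

// The five characters that can change HTML parsing state in body or attribute context.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// "Before": user-supplied fields are concatenated into markup unchanged.
function renderRowUnsafe(request) {
  return `<tr><td title="${request.title}">${request.title}</td><td>${request.justification}</td></tr>`;
}

// "After": every field is encoded at the point of output.
function renderRowSafe(request) {
  const title = escapeHtml(request.title);
  return `<tr><td title="${title}">${title}</td><td>${escapeHtml(request.justification)}</td></tr>`;
}

// Count the opening tags in rendered output.
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// The fixed template emits exactly <tr>, <td>, <td>.
const EXPECTED_TAGS = 3;

// Regression check: any extra tag means field content was parsed as markup.
function rendersOnlyTemplateTags(render, request) {
  return countTags(render(request)) === EXPECTED_TAGS;
}

// Constructed sample record carrying harmless markup in both fields.
const sample = {
  title: 'Leadership course"><u>x</u>',
  justification: "Needed for <b>Q3</b> goals & onboarding",
};

console.log("unsafe renderer passes:", rendersOnlyTemplateTags(renderRowUnsafe, sample));
console.log("safe renderer passes:  ", rendersOnlyTemplateTags(renderRowSafe, sample));
```

The same check can run in a test suite against each listing and registration view, using records that contain markup characters.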

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 7.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.