Evolution Consulting HRmaster Module HTML Injection Vulnerability in Registration Interface

Vulnerability

An HTML injection vulnerability has been identified in the registration interface of Evolution Consulting Kft. HRmaster module version 235. This vulnerability allows an attacker to inject HTML tags into the firstname field, which are then sent out via email. This could lead to phishing scenarios targeting any previously unregistered email address. The injected HTML could be exploited in the confirmation emails sent after registration and after applying for a job.

Impact

Exploitation of this vulnerability could result in HTML injection, allowing for the creation of malicious emails that could be used for phishing attacks.
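
A defensive sketch of the fix class for the firstname issue described above, added here as an example and not taken from HRmaster or the vendor: the name is validated at registration and HTML-escaped before it is placed in the confirmation email's HTML part. The function names, the name policy, and the sample input are assumptions made for illustration.

```python
import html
import re
from email.message import EmailMessage

# Assumed policy (not from the advisory): a name starts with a letter and may
# contain letters, spaces, apostrophes, dots and hyphens, 64 characters at most.
NAME_RE = re.compile(r"[^\W\d_](?:[^\W\d_]|[ '.\-]){0,63}")

def validate_firstname(value: str) -> str:
    """Reject markup-bearing names when the registration form is submitted."""
    value = value.strip()
    if not NAME_RE.fullmatch(value):
        raise ValueError("firstname contains characters not allowed in a name")
    return value

def build_confirmation(to_addr: str, firstname: str) -> EmailMessage:
    """Compose the confirmation mail; the name is escaped in the HTML part."""
    msg = EmailMessage()
    msg["To"] = to_addr
    msg["Subject"] = "Registration confirmation"
    # The plain-text part is never rendered as HTML, so the raw name is fine here.
    msg.set_content(f"Hello {firstname},\nyour registration was received.")
    # Escaping is the last line of defence if validation is bypassed or relaxed.
    safe = html.escape(firstname, quote=True)
    msg.add_alternative(
        f"<html><body><p>Hello {safe},</p>"
        "<p>your registration was received.</p></body></html>",
        subtype="html",
    )
    return msg

def html_part(msg: EmailMessage) -> str:
    """Return the decoded HTML alternative of a composed message."""
    return msg.get_body(preferencelist=("html",)).get_content()

# Constructed sample input: a firstname value carrying an HTML tag.
SAMPLE = '<a href="https://example.invalid/">Click here</a>'
```

Escaping at output time matters even with input validation in place, because names already stored before the validation was introduced would otherwise still reach the email template unescaped.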

Added: Aug 21, 2025, 8:28 PM
Updated: Aug 21, 2025, 8:28 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 7.4
remediation: 0.0
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.