5.3
Horilla Open Source Horilla 1.0.2: Remote Open Redirect Risk
CVE-2026-3049
Summary
Horilla Open Source Horilla versions up to 1.0.2 can redirect users to a malicious website. This makes it possible for attackers to trick users into visiting unauthorized sites. To protect your users, update to version 1.0.3 or later.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| horilla | horilla | <= 1.0.3 | – |
Original title
A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. T...
Original description
A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the function get of the file horilla_generics/global_search.py of the component Query Parameter Handler. The manipulation of the argument prev_url results in open redirect. The attack can be executed remotely. The exploit is now public and may be used. Upgrading to version 1.0.3 is capable of addressing this issue. The patch is identified as 730b5a44ff060916780c44a4bdbc8ced70a2cd27. The affected component should be upgraded.
nvd CVSS2.0
5.0
nvd CVSS3.1
6.1
nvd CVSS4.0
5.3
Vulnerability type
CWE-601
Open Redirect
- https://github.com/Stolichnayer/Horilla-CRM-Open-Redirect (Exploit, Third Party Advisory)
- https://github.com/horilla-opensource/horilla-crm/commit/730b5a44ff060916780c44a... (Patch)
- https://github.com/horilla-opensource/horilla-crm/releases/tag/1.0.3 (Release Notes)
- https://vuldb.com/?ctiid.347407 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.347407 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.757296 (Third Party Advisory, VDB Entry)
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026