CVE-2025-26158

Name of the Vulnerable Software and Affected Versions: Kashipara Online Attendance Management System version V1.0

Description: A Stored Cross-Site Scripting (XSS) issue was found in the manage-employee.php page, allowing remote attackers to execute arbitrary scripts via the department parameter.

Recommendations: For Kashipara Online Attendance Management System version V1.0, consider restricting access to the manage-employee.php page until a fix is available, and avoid using the department parameter in this context to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.