CVE-2020-35272

Name of the Vulnerable Software and Affected Versions: Employee Performance Evaluation System in PHP/MySQLi with Source Code version 1.0

Description: The issue concerns cross-site scripting (XSS) in the Admin Portal, specifically in the Task and Description fields. This allows for potential malicious script injection, which could lead to unauthorized actions on the system.

Recommendations: For Employee Performance Evaluation System in PHP/MySQLi with Source Code version 1.0, consider validating and sanitizing user input in the Task and Description fields to prevent XSS attacks. As a temporary workaround, restrict access to the Admin Portal to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.