PT-2025-14547 · Sourcecodester · Sourcecodester Employee Management System
Xavier Bynum · Published 2025-04-02 · Updated 2025-04-02 · CVE-2025-29719
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SourceCodester (rems) Employee Management System version 1.0
Description
The issue concerns Cross Site Scripting (XSS) in the add employee.php file, specifically via the First Name and Address text fields. This allows for potential malicious script injection.
Recommendations
For SourceCodester (rems) Employee Management System version 1.0, consider validating and sanitizing user input for the First Name and Address fields in the add employee.php file to prevent XSS attacks. As a temporary workaround, restrict access to the add employee.php file until a proper fix is implemented.
Exploit · Fix · XSS
Affected Products
Sourcecodester Employee Management System