PT-2025-21178 · Sourcecodester · Sourcecodester Best Employee Management System
Published
2025-05-14
·
Updated
2025-05-14
·
CVE-2025-44184
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
SourceCodester Best Employee Management System version V1.0
Description:
The issue concerns a Cross Site Scripting (XSS) vulnerability. It affects the /admin/profile.php endpoint via the
website image, fname, lname, contact, username, and address parameters.Recommendations:
For SourceCodester Best Employee Management System version V1.0, consider restricting access to the /admin/profile.php endpoint until a fix is available. As a temporary workaround, avoid using the
website image, fname, lname, contact, username, and address parameters in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Best Employee Management System