PT-2025-21603 · Unknown · Code-Projects Employee Record System
872323857
Published: 2025-05-16 · Updated: 2025-05-16 · CVE-2025-4745
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
code-projects Employee Record System version 1.0
Description:
A problematic issue was found in the code-projects Employee Record System. This issue affects an unknown part of the file current employees.php. The manipulation of the arguments employeed id, first name, middle name, and last name leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Recommendations:
For code-projects Employee Record System version 1.0, consider validating and sanitizing the employeed id, first name, middle name, and last name arguments to prevent cross-site scripting attacks. As a temporary workaround, restrict access to the current employees.php file until a patch is available.
Exploit
Fix
XSS
Code Injection
Affected Products
Code-Projects Employee Record System