CVE-2025-51989

CVSS v3.1

7.0

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions: HRmaster module version 235

Description: An HTML injection flaw exists in the registration interface of the HRmaster module. An attacker can inject HTML tags into the keresztnév (firstname) field. This injected HTML is included in emails, potentially enabling phishing attacks against previously unregistered email addresses.

Recommendations: Sanitize user input in the keresztnév (firstname) field during the registration process to prevent HTML injection.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-80

Related Identifiers

CVE-2025-51989

Affected Products

Hrmaster Module

CVE-2025-51989

Weakness Enumeration

Related Identifiers

Affected Products

References · 7