PT-2025-39660 · Sourcecodester · Employee Management System

Published: 2025-09-26 · Updated: 2025-09-26 · CVE-2025-26258

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Sourcecodester Employee Management System version 1.0

Description: The software is susceptible to Cross-Site Scripting (XSS) attacks. The vulnerability is located in the 'Add Designation' functionality. The Add Designation feature does not properly sanitize user-supplied data, allowing an attacker to inject malicious scripts into the web page. These scripts can then be executed in the context of other users' browsers, potentially leading to session hijacking or defacement.

Recommendations: Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider implementing strict input validation and output encoding for the 'Add Designation' functionality.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-26258

Affected Products: Employee Management System