PT-2025-7127 · Unknown · Kashipara Online Attendance Management System
Ratnesh Kumar
·
Published
2025-02-14
·
Updated
2025-02-14
·
CVE-2025-26158
CVSS v3.1
5.6
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L |
Name of the Vulnerable Software and Affected Versions:
Kashipara Online Attendance Management System version V1.0
Description:
A Stored Cross-Site Scripting (XSS) issue was found in the manage-employee.php page, allowing remote attackers to execute arbitrary scripts via the
department parameter.Recommendations:
For Kashipara Online Attendance Management System version V1.0, consider restricting access to the manage-employee.php page until a fix is available, and avoid using the
department parameter in this context to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kashipara Online Attendance Management System