Cross-Site Scripting in SourceCodester Best Employee Management System
CVE-2025-1592

4.8MEDIUM

Key Information:

Vendor
Sourcecodester
Status
Best Employee Management System
Vendor
CVE Published:
23 February 2025

Summary

A security flaw exists within the Add Role Page of the SourceCodester Best Employee Management System, specifically in the Operations/Role.php file. Malicious actors can exploit this issue by manipulating the assign_name and description parameters. This can lead to cross-site scripting attacks, which may be executed remotely, potentially compromising user security and data integrity.

Affected Version(s)

Best Employee Management System 1.0

References

https://vuldb.com/?id.296576
vdb-entrytechnical-description
https://vuldb.com/?ctiid.296576
signaturepermissions-required
https://vuldb.com/?submit.505210
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dariusz (VulDB User)
.