Reflected Cross-Site Scripting in Human Resource Management System by INCIBE
CVE-2025-40683

4.8MEDIUM

Key Information:

Vendor: Human Resource Management System
Status: Human Resource Management System
Vendor: CVE Published:; 29 July 2025

🔔 Create Human Resource Management System Vulnerability Alert

What is CVE-2025-40683?

A reflected cross-site scripting vulnerability exists in the Human Resource Management System, specifically in version 1.0. This flaw allows attackers to craft malicious URLs that, when clicked by a victim, may execute arbitrary JavaScript code in their browser. This type of vulnerability poses a significant risk as it can lead to unauthorized actions carried out on behalf of the user and steal sensitive information.

Affected Version(s)

Human Resource Management System 1.0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Rafael Pedrero