Cross Site Scripting Vulnerability in Best Employee Management System by SourceCodester
CVE-2025-44184

4.8 MEDIUM

What is CVE-2025-44184?

The Best Employee Management System by SourceCodester is susceptible to Cross Site Scripting (XSS) attacks through multiple input fields including website_image, fname, lname, contact, username, and address. This vulnerability allows attackers to inject malicious scripts which, when executed, may compromise the integrity of user data and the overall security of the application. Proper sanitization and validation of user inputs are essential to mitigate such security risks. Regular updates and patches from the vendor should be implemented to protect against emerging threats.

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
