Cross-Site Scripting in Employee Record System by Code-Projects
CVE-2025-4744
Key Information:
- Vendor
Code-projects
- Status
- Vendor
- CVE Published:
- 16 May 2025
Badges
What is CVE-2025-4744?
A cross-site scripting vulnerability exists within the Employee Record System 1.0 developed by Code-Projects, particularly affecting the functionality of the dashboard's edit_employee.php file. This vulnerability arises from improper handling of user-supplied input parameters, namely employeed_id, first_name, middle_name, and last_name, allowing attackers to inject malicious scripts. If exploited, this vulnerability could enable remote attackers to execute arbitrary scripts in the context of users' browsers, potentially compromising sensitive user information and session integrity.
Affected Version(s)
Employee Record System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved