Cross-Site Scripting Vulnerability in Employee Record System by Code-Projects
CVE-2025-4745
Key Information:
- Vendor
Code-projects
- Status
- Vendor
- CVE Published:
- 16 May 2025
Badges
What is CVE-2025-4745?
A cross-site scripting vulnerability exists in the Employee Record System 1.0 by Code-Projects, specifically in the 'current_employees.php' file. This flaw allows attackers to manipulate parameters such as 'employeed_id', 'first_name', 'middle_name', and 'last_name', enabling remote exploitation. Since the exploit has been publicized, it poses a significant security risk, making it crucial for users of this system to implement necessary security measures.
Affected Version(s)
Employee Record System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved