CVE-2025-1591 MEDIUM

CVE-2025-1591: SourceCodester Employee Management System Department Page department.php cross site scripting

Vendor Sourcecodester

Product Employee Management System

Weakness CWE-79 · XSS

Published February 23, 2025

Last update February 24, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /department.php of the component Department Page. The manipulation of the argument Department Name leads to cross site scripting. The attack can be launched remotely.

Key dates

02Disclosure timeline

February 23, 2025 CVE published

February 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-1591 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-4080 Easy Cart <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes CVE-2025-3704 WordPress Volunteer Sign Up Sheets plugin < 5.5.5 - Cross Site Scripting (XSS) vulnerability CVE-2025-0817 FormCraft - Premium WordPress Form Builder <= 3.9.11 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload CVE-2024-8717 PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer – DearFlip <= 2.3.32 - Reflected Cross-Site Scripting CVE-2025-31815 WordPress Design Blocks plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability