CVE-2025-1592 MEDIUM

CVE-2025-1592: SourceCodester Best Employee Management System Add Role Page Role.php cross site scripting

Vendor Sourcecodester
Product Best Employee Management System
Weakness CWE-79 · XSS
Published February 23, 2025
Last update February 24, 2025

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Passive
Confidentiality None
Integrity Low

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

A vulnerability was found in SourceCodester Best Employee Management System 1.0 and has been rated as problematic. It affects unspecified functionality in the file /admin/Operations/Role.php of the Add Role Page component. Manipulation of the argument assign_name/description leads to cross-site scripting. The attack may be launched remotely.

Key dates

02 Disclosure timeline

February 23, 2025 CVE published
February 24, 2025 Record updated