CVE-2025-2590 MEDIUM

CVE-2025-2590: code-projects Human Resource Management System recruitment.go UpdateRecruitmentById cross site scripting

Vendor Code-Projects
Product Human Resource Management System
Weakness CWE-79 · XSS
Published March 21, 2025
Last update March 21, 2025
View on NVD All CVEs

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in code-projects Human Resource Management System 1.0.1. It has been classified as problematic. Affected is the function UpdateRecruitmentById of the file \handler\recruitment.go. The manipulation of the argument c leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

March 21, 2025 CVE published
March 21, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-52585 Autolab has HTML Injection Vulnerability CVE-2025-26734 WordPress Hester plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability CVE-2022-4971 Sassy Social Share <= 3.3.3 - Reflected Cross-Site Scripting CVE-2025-4804 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Hotpot Configuration CVE-2026-1304 Membership Plugin – Restrict Content <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings