CVE-2025-3706 MEDIUM

CVE-2025-3706: 104 Corporation eHRMS - Reflected Cross-Site Scripting

Vendor 104 Corporation

Product eHRMS

Weakness CWE-79 · XSS

Published April 28, 2025

Last update April 28, 2025

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The eHRMS from 104 Corporation has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.

Key dates

02Disclosure timeline

April 28, 2025 CVE published

April 28, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-3706 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-29124 WordPress Advanced Access Manager plugin <= 6.9.20 - Cross Site Scripting (XSS) vulnerability CVE-2025-53290 WordPress WP Visual Sitemap plugin <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability CVE-2026-33331 oRPC: Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify CVE-2023-34010 WordPress Media Library Assistant Plugin <= 3.0.7 is vulnerable to Cross Site Scripting (XSS) CVE-2023-48498 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)