CVE-2025-40684 MEDIUM

CVE-2025-40684: Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System

Vendor Human Resource Management System
Product Human Resource Management System
Weakness CWE-79 · XSS
Published July 29, 2025
Last update July 29, 2025
View on NVD All CVEs

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccountry' parameter in/country.php.

Key dates

02Disclosure timeline

July 29, 2025 CVE published
July 29, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-34857 WordPress SP Project & Document Manager plugin <= 4.59 - Reflected Cross-Site Scripting (XSS) vulnerability CVE-2026-1161 pbrong hrms recruitment.go UpdateRecruitmentById cross site scripting CVE-2026-48213 Open ISES Tickets < 3.44.2 Reflected XSS via add.php ticket_id Parameter CVE-2023-2436 Blog-in-Blog <= 2.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode CVE-2025-23494 WordPress Quizzin plugin <= 1.01.4 - Reflected Cross Site Scripting (XSS) vulnerability