
CVE-2025-2590 – code-projects Human Resource Management System recruitment.go UpdateRecruitmentById cross site scripting
https://notcve.org/view.php?id=CVE-2025-2590
21 Mar 2025 — A vulnerability was found in code-projects Human Resource Management System 1.0.1. It has been classified as problematic. Affected is the function UpdateRecruitmentById of the file \handler\recruitment.go. The manipulation of the argument c leads to cross-site scripting. It is possible to launch the attack remotely. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2589 – code-projects Human Resource Management System Account.go Index improper authorization
https://notcve.org/view.php?id=CVE-2025-2589
21 Mar 2025 — A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. This issue affects the function Index of the file \handler\Account.go. The manipulation of the argument user_cookie leads to improper authorization. The exploit has been disclosed to the public and may be used. A critical vulnerability was found in code-projects Human Resource Management System 1.0.1. • https://code-projects.org • CWE-266: Incorrect Privilege Assignment • CWE-285: Improper Authorization