
CVE-2025-40686 – Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System
https://notcve.org/view.php?id=CVE-2025-40686
29 Jul 2025 — Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'employeeid' parameter in /detailview.php. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-human-resource-management-system • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-40685 – Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System
https://notcve.org/view.php?id=CVE-2025-40685
29 Jul 2025 — Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searcstate' parameter in /state.php. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-human-resource-management-system • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-40684 – Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System
https://notcve.org/view.php?id=CVE-2025-40684
29 Jul 2025 — Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccountry' parameter in /country.php. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-human-resource-management-system • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-40683 – Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System
https://notcve.org/view.php?id=CVE-2025-40683
29 Jul 2025 — Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccity' parameter in /city.php. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-human-resource-management-system • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-40682 – SQL injection vulnerability in Human Resource Management System
https://notcve.org/view.php?id=CVE-2025-40682
29 Jul 2025 — SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-human-resource-management-system • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-35469
https://notcve.org/view.php?id=CVE-2024-35469
30 May 2024 — A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter. • https://github.com/dovankha/CVE-2024-35469 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-35468
https://notcve.org/view.php?id=CVE-2024-35468
30 May 2024 — A SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter. • https://github.com/dovankha/CVE-2024-35468 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-3391 – SourceCodester Human Resource Management System detailview.php sql injection
https://notcve.org/view.php?id=CVE-2023-3391
23 Jun 2023 — A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file detailview.php. The manipulation of the argument employeeid leads to sql injection. The attack can be initiated remotely. • https://github.com/mohdkey/Human-Resource-Management-System/blob/main/Human%20Resource%20Management%20System%20detailview.php%20has%20Sqlinjection.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-4279 – SourceCodester Human Resource Management System employeeview.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-4279
03 Dec 2022 — A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/leecybersec/bug-report/tree/main/sourcecodester/oretnom23/hrm/employee-view-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization

CVE-2022-4273 – SourceCodester Human Resource Management System Content-Type employee.php unrestricted upload
https://notcve.org/view.php?id=CVE-2022-4273
03 Dec 2022 — A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/leecybersec/bug-report/tree/main/sourcecodester/oretnom23/hrm/bypass-fileupload-rce • CWE-266: Incorrect Privilege Assignment CWE-434: Unrestricted Upload of File with Dangerous Type