CVE Details
Basic Information
| Title | code-projects Human Resource Integrated System action.php cross site scripting |
|---|---|
| Type | cve |
| Published | 2025-08-03T06:02:05.573Z |
| Modified | 2025-08-03T06:02:05.573Z |
Product Information
| Vendor | code-projects |
|---|---|
| Product | Human Resource Integrated System |
| Version | 1.0 |
CVSS Information
| Base Score | 5.1 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A cross-site scripting (XSS) vulnerability in the action.php file of Human Resource Integrated System version 1.0 allows remote attackers to inject malicious scripts. This could lead to session hijacking or unauthorized actions on the system. |
|---|---|
| AI Severity | Medium |
| AI Vendor | code-projects |
| AI Product | Human Resource Integrated System |
| AI Version | 1.0 |
Affected Products
- code-projects Human Resource Integrated System 1.0
Additional Information
| CWE List | CWE-79, CWE-94 |
|---|---|
| Source | VulDB |
Description
A vulnerability classified as problematic has been found in code-projects Human Resource Integrated System 1.0. Affected is an unknown function of the file /insert-and-view/action.php. The manipulation of the argument content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.