CVE-2025-1905: SourceCodester Employee Management System employee.php cross site scripting
First published: Tue Mar 04 2025(Updated: )
A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file employee.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SourceCodester Employee Management System | ||
| =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1905?
CVE-2025-1905 is classified as a problematic vulnerability affecting the SourceCodester Employee Management System.
How do I fix CVE-2025-1905?
To fix CVE-2025-1905, sanitize user inputs to prevent cross-site scripting vulnerabilities in the employee.php file.
What type of vulnerability is CVE-2025-1905?
CVE-2025-1905 is a cross-site scripting (XSS) vulnerability.
Which software is affected by CVE-2025-1905?
CVE-2025-1905 affects the SourceCodester Employee Management System version 1.0.
What is the attack vector for CVE-2025-1905?
CVE-2025-1905 can be exploited through manipulation of the Full Name argument in the employee.php file.
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/type
- agent/title
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/author
- agent/source
- agent/event
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- vendor/sourcecodester
- canonical/sourcecodester employee management system
- vendor/remyandrade