CVE-2025-56293
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
The Human Resource Integrated System 1.0 by code-projects is vulnerable to Cross Site Scripting (XSS) in the Add Child Information section, specifically in the Childs Name field. This allows an attacker to inject malicious scripts that may execute in the administrator's browser.
Risk Assessment
An attacker can exploit this vulnerability to steal session cookies, redirect users to malicious sites, or perform other actions within the admin session context, compromising the confidentiality and integrity of system data.
Recommendation
Immediately update the system to the latest version or apply a security patch. In the meantime, validate and sanitize input in the Childs Name field and implement a Content Security Policy (CSP).
Original NVD description (English source)
code-projects Human Resource Integrated System 1.0 is vulnerable to Cross Site Scripting (XSS) in the Add Child Information section in the Childs Name field.

