CVE Catalog

CVE-2025-56293

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile - higher than 9% of all known CVEs

Summary

The Human Resource Integrated System 1.0 by code-projects is vulnerable to Cross Site Scripting (XSS) in the Add Child Information section, specifically in the Childs Name field. This allows an attacker to inject malicious scripts that may execute in the administrator's browser.

Risk Assessment

An attacker can exploit this vulnerability to steal session cookies, redirect users to malicious sites, or perform other actions within the admin session context, compromising the confidentiality and integrity of system data.

Recommendation

Immediately update the system to the latest version or apply a security patch. In the meantime, validate and sanitize input in the Childs Name field and implement a Content Security Policy (CSP).

Original NVD description (English source)

code-projects Human Resource Integrated System 1.0 is vulnerable to Cross Site Scripting (XSS) in the Add Child Information section in the Childs Name field.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS