CVE Catalog

CVE-2025-57117

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

24th percentile - higher than 24% of all known CVEs

Summary

A clickjacking vulnerability was found in Rems Employee Management System 1.0. It allows a remote attacker to execute arbitrary JavaScript on the department.php page by injecting a malicious payload into the Department Name field when adding a new department.

Risk Assessment

An attacker can hijack user sessions, steal data, or perform other malicious actions within the application context, threatening the confidentiality and integrity of organizational data.

Recommendation

Immediately update the system to the latest version or apply a security patch. Additionally, implement input validation and output encoding for all form fields.

Original NVD description (English source)

A Clickjacking vulnerability exists in Rems' Employee Management System 1.0. This flaw allows remote attackers to execute arbitrary JavaScript on the department.php page by injecting a malicious payload into the Department Name field under Add Department.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS