CVE-2025-14194

CWE-79 — Cross-site Scripting (XSS)CWE-94 — Code Injection CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

5.1MEDIUM

EPSS

0.0%

top 84.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects Employee Profile Management System Carmelogarcia Employee Profile Management System

Timeline

PublishedDec 7

Description

A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /view_personnel.php. The manipulation of the argument per_address/dr_school/other_school leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5code-projects/employee_profile_management_system1.0

▶NVDcarmelogarcia/employee_profile_management_system1.0

🔴Vulnerability Details

CVEList

code-projects Employee Profile Management System view_personnel.php cross site scripting↗2025-12-07

▶

GHSA

GHSA-jx8c-5wrw-pprp: A vulnerability was identified in code-projects Employee Profile Management System 1↗2025-12-07

▶

📋Vendor Advisories

Microsoft

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.↗2019-07-09

▶