CVE-2025-44184 — Cross-site Scripting in Best Employee Management System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.2%

top 62.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mayurik Best Employee Management System

Timeline

PublishedMay 14

Description

SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the website_image, fname, lname, contact, username, and address parameters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

▶NVDmayurik/best_employee_management_system1.0

🔴Vulnerability Details

CVEList

CVE-2025-44184: SourceCodester Best Employee Management System V1↗2025-05-14

▶

GHSA

GHSA-fvmq-5x7q-w2cc: SourceCodester Best Employee Management System V1↗2025-05-14

▶