CVE-2025-57117 — Cross-site Scripting in Employee Management System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 82.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Remyandrade Employee Management System

Timeline

PublishedSep 15

Latest updateSep 16

Description

A Clickjacking vulnerability exists in Rems' Employee Management System 1.0. This flaw allows remote attackers to execute arbitrary JavaScript on the department.php page by injecting a malicious payload into the Department Name field under Add Department.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

▶NVDremyandrade/employee_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-f8wp-g7q2-59gh: A Clickjacking vulnerability exists in Rems' Employee Management System 1↗2025-09-16

▶

CVEList

CVE-2025-57117: A Clickjacking vulnerability exists in Rems' Employee Management System 1↗2025-09-15

▶