Human Resource Management System vulnerabilities

CVE-2025-40682 [HIGH] CWE-89 CVE-2025-40682: SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacke SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint.

CVE-2025-40686 [MEDIUM] CWE-79 CVE-2025-40686: Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerabi Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'employeeid' parameter in/detailview.php.

CVE-2025-40683 [MEDIUM] CWE-79 CVE-2025-40683: Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerabi Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccity' parameter in /city.php.

CVE-2025-40684 [MEDIUM] CWE-79 CVE-2025-40684: Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerabi Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccountry' parameter in/country.php.

CVE-2025-40685 [MEDIUM] CWE-79 CVE-2025-40685: Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerabi Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searcstate' parameter in/state.php.