CVE-2022-4279

LOW

SourceCodester Human Resource Management System 1.0 - Cross-Site Scripting via Employee View Search Parameter

Title source: llm

Description

A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214776.

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/leecybersec/bug-report/tree/main/sourcecodester/oretnom23/hrm/employee-view-xss

View Exploit ZIP pw:eip

Third Party Advisory, VDB Entry

https://vuldb.com/?id.214776

Scores

CVSS v3 3.5

EPSS 0.0051

EPSS Percentile 39.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-79 CWE-707

Status published

Products (1)

oretnom23/human_resource_management_system 1.0

Published Dec 03, 2022

Tracked Since Feb 18, 2026