CVE-2025-40683
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-29

Last updated on: 2025-08-04

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through theΒ 'searccity' parameter in /city.php.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-29
Last Modified
2025-08-04
Generated
2026-05-27
AI Q&A
2025-07-29
EPSS Evaluated
2026-05-25
NVD
CVE-2025-40683
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
oretnom23 human_resource_management_system 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :

An attacker exploiting this vulnerability could execute arbitrary JavaScript code in a user's browser, potentially leading to session hijacking, theft of sensitive information, or performing actions on behalf of the user without their consent.


Can you explain this vulnerability to me?

This vulnerability is a Reflected Cross-Site Scripting (XSS) issue in Human Resource Management System version 1.0. It allows an attacker to execute malicious JavaScript code in the victim's browser by sending a specially crafted URL that exploits the 'searccity' parameter in the /city.php page.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart