CVE-2026-7116
Cross-Site Scripting in Employee Management System mark.php
Publication date: 2026-04-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| code-projects | employee_management_system | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7116 is a reflected Cross-Site Scripting (XSS) vulnerability in the Employee Management System, specifically in the file mark.php. The pid query parameter is reflected into an HTML attribute without escaping, so a value such as `">` closes the attribute and anything that follows is parsed as markup. An attacker crafts a URL carrying a script payload in pid and gets an administrator (or any other user of the application) to open it; the injected script then runs in the victim's browser with the origin and privileges of the application.
Because the script runs in the context of the victim's session, the attacker can perform actions as that user, which makes session hijacking, account takeover, and phishing or UI manipulation realistic outcomes.
How can this vulnerability impact me?
The vulnerability can impact you by allowing attackers to execute malicious scripts in the browser of an administrator or user who visits a crafted URL. This can lead to:
- Session hijacking, where attackers steal session cookies (if they are not marked HttpOnly) or tokens held in the page and use them to impersonate the user.
- Account takeover, enabling attackers to perform actions as the administrator.
- Phishing or UI manipulation, where attackers alter page content to deceive users.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted HTTP GET request to the vulnerable endpoint and checking whether the payload comes back in the response body unchanged (unescaped) rather than entity-encoded. A command-line client only shows the reflection; whether the script actually executes must be confirmed by opening the same URL in a browser.
A proof of concept command to test for the reflected XSS in the mark.php file is:
- curl -i "http://<target-host>:82/mark.php?id=101&pid=\"><ScRiPt>alert(10)</sCrIpT>"
The shell turns `\"` into a literal double quote and curl sends the quote and angle brackets unencoded; the port (82 in the published proof of concept) must match your deployment. If the response contains the injected `<ScRiPt>` element verbatim, and opening the URL in a browser shows the alert popup, the vulnerability is present. If the response instead contains `&quot;&gt;&lt;ScRiPt&gt;`, the output is being escaped and the parameter is not exploitable this way.
What immediate steps should I take to mitigate this vulnerability?
The immediate fix is contextual output encoding: escape the pid parameter (and every other user-controlled value) before it is written into HTML. In PHP this means wrapping the value in htmlspecialchars() with ENT_QUOTES, which encodes the double and single quotes that would otherwise let a value break out of an attribute.
Additionally, apply input validation that accepts only the characters pid legitimately needs (an allowlist), rather than trying to blocklist individual script tags, which is easy to bypass with case changes and alternative event handlers.
Until the code is fixed, restrict who can reach mark.php, and monitor or block requests whose decoded pid value contains quotes, angle brackets or other markup characters, since a legitimate identifier never needs them.
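The following script is an added example and not code from the advisory or from the Employee Management System. It covers both the detection step and the mitigation described above: it builds a properly percent-encoded probe URL for mark.php, classifies a response body as reflecting the payload raw (vulnerable), entity-encoded (fixed), partially altered, or not at all, shows the vulnerable attribute pattern next to its escaped form, and flags incoming query strings that carry markup in pid. The marker string, the `<input type="hidden">` element used to illustrate the attribute context, the assumption that pid is a numeric identifier, the host 192.0.2.10 and the sample response bodies are all constructed for the example; the endpoint, port and parameter names come from the page.

```python
"""Reflected-XSS probe and triage for a parameter echoed into an HTML attribute.

Added example; not code from the advisory or the Employee Management System.
Endpoint, port and parameter names follow the page; the marker, the input
element, the numeric-pid assumption and the sample bodies are constructed.
"""
import html
import re
import urllib.error
import urllib.parse
import urllib.request

# Marker chosen so a reflected copy is unlikely to appear in a page by accident.
MARKER = "xss7116"
# Closes a double-quoted attribute, then injects a script element.
PAYLOAD = f'"><script>alert("{MARKER}")</script>'


def build_probe_url(base: str, pid_payload: str = PAYLOAD, emp_id: str = "101") -> str:
    """Build the probe URL with the payload percent-encoded.

    The advisory's curl one-liner sends raw quotes and angle brackets; encoding
    them avoids proxies rejecting the request while PHP still receives the
    identical decoded value in $_GET['pid'].
    """
    query = urllib.parse.urlencode({"id": emp_id, "pid": pid_payload})
    return f"{base.rstrip('/')}/mark.php?{query}"


def classify_reflection(body: str, payload: str = PAYLOAD) -> str:
    """Classify one response body: 'vulnerable', 'encoded', 'altered' or 'absent'.

    vulnerable: payload present byte-for-byte, so the quote closes the
                attribute and the <script> element is live when rendered.
    encoded:    only the HTML-entity-encoded copy is present (fix in place).
    altered:    the marker survives but the payload was partially filtered;
                review by hand, partial filters are often bypassable.
    absent:     the parameter is not reflected in this response.
    """
    if payload in body:
        return "vulnerable"
    if html.escape(payload, quote=True) in body:
        return "encoded"
    if MARKER in body:  # assumes the payload carries MARKER, as PAYLOAD does
        return "altered"
    return "absent"


def probe(base: str, timeout: float = 5.0) -> str:
    """Fetch the probe URL and classify the live response (network call).

    Error pages are classified too: reflected XSS frequently lives in them.
    """
    url = build_probe_url(base)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode(resp.headers.get_content_charset() or "utf-8", "replace")
    except urllib.error.HTTPError as err:
        body = err.read().decode("utf-8", "replace")
    return classify_reflection(body)


def render_hidden_field_unsafe(pid: str) -> str:
    """The vulnerable pattern the advisory describes: raw echo into an attribute."""
    return f'<input type="hidden" name="pid" value="{pid}">'


def render_hidden_field(pid: str) -> str:
    """The fix: escape for attribute context before writing the value.

    html.escape(..., quote=True) is the Python analogue of PHP's
    htmlspecialchars($pid, ENT_QUOTES, 'UTF-8'); it encodes & < > " and '
    so the value can never terminate the attribute or start a tag.
    """
    return f'<input type="hidden" name="pid" value="{html.escape(pid, quote=True)}">'


def is_plausible_pid(value: str) -> bool:
    """Allowlist validation, assuming pid is a numeric identifier."""
    return re.fullmatch(r"[0-9]{1,10}", value) is not None


# Markup characters and handler patterns that never belong in a numeric pid.
SUSPICIOUS = re.compile(r'[<>"\']|javascript:|on\w+\s*=', re.IGNORECASE)


def request_looks_suspicious(raw_query: str) -> bool:
    """Flag a mark.php query string whose decoded pid carries markup.

    Decode first: the probe above arrives percent-encoded, so matching the
    raw query string would miss it.
    """
    params = urllib.parse.parse_qs(raw_query, keep_blank_values=True)
    return any(SUSPICIOUS.search(v) for v in params.get("pid", []))


# Constructed responses, not captured from a real installation.
VULNERABLE_BODY = "<html><body>" + render_hidden_field_unsafe(PAYLOAD) + "</body></html>"
FIXED_BODY = "<html><body>" + render_hidden_field(PAYLOAD) + "</body></html>"

if __name__ == "__main__":
    print(build_probe_url("http://192.0.2.10:82"))
    print("unfixed page :", classify_reflection(VULNERABLE_BODY))
    print("escaped page :", classify_reflection(FIXED_BODY))
    print("probe flagged:", request_looks_suspicious(
        urllib.parse.urlsplit(build_probe_url("http://192.0.2.10:82")).query))
```

To test a live deployment, call `probe("http://<target-host>:82")` and treat anything other than `encoded` or `absent` as a finding to confirm in a browser. The same `SUSPICIOUS` pattern, applied to decoded query strings, is the basis for the interim monitoring rule suggested above; it matches only because a legitimate pid is numeric, which is why the rule is stated as an allowlist assumption rather than a general XSS filter.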
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability is a reflected Cross-Site Scripting (XSS) issue that can lead to session hijacking, account takeover, and phishing or UI manipulation. Such security flaws can compromise the confidentiality and integrity of user data, potentially leading to unauthorized access to sensitive information.
While the provided information does not explicitly mention compliance with standards like GDPR or HIPAA, the ability for attackers to hijack sessions and perform unauthorized actions could result in violations of data protection requirements under these regulations, which mandate safeguarding personal and sensitive data against unauthorized access.