Primary

Context

Code-Projects Employee Management System Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in Code-Projects Employee Management System version 1.0. The issue resides in the file '370project/edit.php', where the 'ID' argument can be manipulated to execute arbitrary JavaScript. This vulnerability can be exploited remotely, requiring user interaction from the victim.

Impact

Exploitation of this vulnerability allows for the execution of arbitrary JavaScript in the context of the affected user, potentially leading to session hijacking, account takeover, or phishing attacks.

Reproduction

To reproduce this vulnerability, send a request to '370project/edit.php' with a crafted 'ID' argument that includes a JavaScript payload, such as a script tag. This will trigger the cross-site scripting vulnerability by executing the injected JavaScript in the user's browser.

Added: Apr 27, 2026, 8:19 AM

Updated: Apr 27, 2026, 8:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.4

exploitability

7.5

remediation

0.0

relevance

6.8

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.4

exploitability

7.5

remediation

0.0

relevance

6.8

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Code-Projects Employee Management System Reflected Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating