Human Resource Management System

human_resource_management_system

Vendor: Oretnom23 • 29 CVEs

CVEs (29)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-40686 1Oretnom23 1Human Resource Management System Aug 4, 2025 Jul 29, 2025 4.8 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the '...Show more Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'employeeid' parameter in/detailview.php.Show less
CVE-2025-40685 1Oretnom23 1Human Resource Management System Aug 4, 2025 Jul 29, 2025 4.8 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the '...Show more Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searcstate' parameter in/state.php.Show less
CVE-2025-40684 1Oretnom23 1Human Resource Management System Aug 4, 2025 Jul 29, 2025 4.8 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the '...Show more Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccountry' parameter in/country.php.Show less
CVE-2025-40683 1Oretnom23 1Human Resource Management System Aug 4, 2025 Jul 29, 2025 4.8 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the '...Show more Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccity' parameter in /city.php.Show less
CVE-2025-40682 1Oretnom23 1Human Resource Management System Aug 4, 2025 Jul 29, 2025 8.7 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php en...Show more SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint.Show less
CVE-2024-35469 1Oretnom23 1Human Resource Management System Apr 11, 2025 May 30, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.
CVE-2024-35468 1Oretnom23 1Human Resource Management System Apr 11, 2025 May 30, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.
CVE-2024-34223 1Oretnom23 1Human Resource Management System Apr 18, 2025 May 14, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket.
CVE-2024-34222 1Oretnom23 1Human Resource Management System Apr 18, 2025 May 14, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter.
CVE-2024-34221 1Oretnom23 1Human Resource Management System Apr 18, 2025 May 14, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation.
CVE-2024-34220 1Oretnom23 1Human Resource Management System Apr 18, 2025 May 14, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter.
CVE-2023-3391 1Oretnom23 1Human Resource Management System Nov 21, 2024 Jun 23, 2023 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file detailview.php. The manipulation of the argument emp...Show more A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file detailview.php. The manipulation of the argument employeeid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232288.Show less
CVE-2022-4279 1Oretnom23 1Human Resource Management System Nov 21, 2024 Dec 3, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search...Show more A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214776.Show less
CVE-2022-4278 1Oretnom23 1Human Resource Management System Nov 21, 2024 Dec 3, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argume...Show more A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214775.Show less
CVE-2022-4273 1Oretnom23 1Human Resource Management System Nov 21, 2024 Dec 3, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the compone...Show more A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214769 was assigned to this vulnerability.Show less
CVE-2022-45218 1Oretnom23 1Human Resource Management System Nov 21, 2024 Nov 25, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message.
CVE-2022-43262 1Oretnom23 1Human Resource Management System Nov 21, 2024 Nov 16, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /hrm/controller/login.php.
CVE-2022-43318 1Oretnom23 1Human Resource Management System Nov 21, 2024 Nov 7, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php.
CVE-2022-43317 1Oretnom23 1Human Resource Management System Nov 21, 2024 Nov 7, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2022-3502 1Oretnom23 1Human Resource Management System Nov 21, 2024 Oct 14, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A vulnerability was found in Human Resource Management System 1.0. It has been classified as problematic. This affects an unknown part of the component Leave Handler. The manipulation of the argument Reason leads to cros...Show more A vulnerability was found in Human Resource Management System 1.0. It has been classified as problematic. This affects an unknown part of the component Leave Handler. The manipulation of the argument Reason leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-210831.Show less

12 Next