Medium severity6.1NVD Advisory· Published Jul 29, 2025· Updated Jun 17, 2026
CVE-2025-40685
CVE-2025-40685
Description
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searcstate' parameter in/state.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: = 1.0
- Human Resource Management System/Human Resource Management Systemv5Range: 1.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.