CVE-2025-57117
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk24th percentile - higher than 24% of all known CVEs
Summary
A clickjacking vulnerability was found in Rems Employee Management System 1.0. It allows a remote attacker to execute arbitrary JavaScript on the department.php page by injecting a malicious payload into the Department Name field when adding a new department.
Risk Assessment
An attacker can hijack user sessions, steal data, or perform other malicious actions within the application context, threatening the confidentiality and integrity of organizational data.
Recommendation
Immediately update the system to the latest version or apply a security patch. Additionally, implement input validation and output encoding for all form fields.
Original NVD description (English source)
A Clickjacking vulnerability exists in Rems' Employee Management System 1.0. This flaw allows remote attackers to execute arbitrary JavaScript on the department.php page by injecting a malicious payload into the Department Name field under Add Department.

