Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php.