CVE-2025-9306 — Cross-site Scripting in Advanced School Management System

CWE-79 — Cross-site Scripting CWE-94 — Code Injection3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

0.0%

top 87.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Advanced School Management System Donbermoy Advanced School Management System

Timeline

PublishedAug 21

Description

A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/notice/addNotice. The manipulation of the argument noticeSubject results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5sourcecodester/advanced_school_management_system1.0

▶NVDdonbermoy/advanced_school_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-v856-r97f-vrg7: A vulnerability was detected in SourceCodester Advanced School Management System 1↗2025-08-21

▶

CVEList

SourceCodester Advanced School Management System addNotice cross site scripting↗2025-08-21

▶