Manikandan580 School Management System allows malicious scripts to run

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.1

Manikandan580 School Management System allows malicious scripts to run

CVE-2025-65136

Summary

The Manikandan580 School Management System has a security issue that allows an attacker to inject malicious code into the system. This could happen when a user visits a specially crafted link. This vulnerability affects the 'contact-us' feature and poses a risk to sensitive data and user accounts. Update to the latest version of the system to fix the issue.

Original title

In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter.

Original description

In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter.

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65136/README...

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026