Manikandan580 School-Management-System Email Input Allows Malicious Code Injection

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Manikandan580 School-Management-System Email Input Allows Malicious Code Injection

CVE-2025-65134

Summary

The Manikandan580 School-Management-System has a security issue where an attacker can inject malicious code into the system by submitting a specially crafted email address through the contact form. This could allow an attacker to steal sensitive information or take control of the system. Users should update the system to the latest version or apply a patch to fix this issue.

Original title

In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter.

Original description

In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter.

https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65134/README...

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026