openSIS is a free and open source student information system/school management software. openSIS version 8.0 contains a cross-site scripting vulnerability. An attacker can exploit the vulnerability to inject and execute JavaScript code via the link_url parameter in Ajax_url_encode.php.