School File Management System is a school file management system that stores student files individually and retrieves them later. A cross-site scripting vulnerability exists in School File Management System version 1.0, which can be exploited to cause cross-site scripting attacks via the Lastname parameter in the Update Account form of student_profile.php.