7 matches found
CVE-2025-0625
CVE-2025-0625 affects CampCodes School Management Software 1.0, specifically the Attachment Handler component. The vulnerability arises from improper control of resource identifiers, enabling an attacker to manipulate identifiers remotely. Descriptions consistently indicate remote exploitability ...
CVE-2025-0849
CVE-2025-0849 affects CampCodes School Management Software 1.0, specifically the Staff Handler component’s unknown function in the file /edit-staff/. The root cause is improper authorization, enabling remote exploitation. Multiple sources corroborate a publicly disclosed exploit and remote attack...
CVE-2025-0710
CVE-2025-0710 affects CampCodes School Management Software 1.0. The vulnerability is in the Notice Board Page, specifically the file/endpoint /notice-list where the Notice parameter can be manipulated to trigger cross-site scripting. The issue is exploitable remotely, and public disclosure of the...
CVE-2025-1159
The CVE-2025-1159 affects CampCodes School Management Software 1.0. An unknown functionality in /academic-calendar is vulnerable to cross-site scripting, allowing remote exploitation. The vulnerability is described as problematic with public exploitation disclosed. Affected components and precise...
CVE-2025-0559
The CVE-2025-0559 entry describes a cross-site scripting vulnerability in Campcodes School Management Software 1.0, arising from improper handling of the ID Card Title parameter on the Create Id Card Page (/create-id-card). Exploitation is possible remotely and an exploit has been disclosed publi...
CVE-2025-0560
CVE-2025-0560 affects CampCodes School Management Software 1.0, specifically the Photo Gallery Page component (/photo-gallery). The vulnerability arises from manipulation of the Description argument, enabling cross-site scripting. It is exploitable remotely and exploits have been publicly disclos...
CVE-2025-0581
CVE-2025-0581 affects CampCodes School Management Software v1.0, specifically the /chat/group/send endpoint in the Chat History component. The root cause is manipulation of the message parameter enabling cross-site scripting (XSS), with remote exploitation and a publicly disclosed exploit. Severa...