CVE-2025-29431

Name of the Vulnerable Software and Affected Versions Code-projects Online Class and Exam Scheduling System version 1.0

Description The issue concerns Cross Site Scripting (XSS) in the /pages/department.php endpoint via the id, code, and name parameters. This allows for potential malicious script execution.

Recommendations For Code-projects Online Class and Exam Scheduling System version 1.0, as a temporary workaround, consider restricting access to the /pages/department.php endpoint until a patch is available. Avoid using the id, code, and name parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.