Taher Aboud

**Name of the Vulnerable Software and Affected Versions** lahirudanushka School Management System versions 1.0.0 through 1.0.1 **Description** A vulnerability was found in the lahirudanushka School Management System, affecting some unknown processing of the file /subject.php of the component Subject Page. The manipulation of the argument `Subject Title/Sybillus Details` leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For lahirudanushka School Management System versions 1.0.0 through 1.0.1, consider disabling the `Subject Title/Sybillus Details` argument in the /subject.php file until a patch is available. Restrict access to the Subject Page component to minimize the risk of exploitation. Avoid using the `Subject Title/Sybillus Details` argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.