CVE-2025-6340

Name of the Vulnerable Software and Affected Versions: code-projects School Fees Payment System version 1.0

Description: A problematic vulnerability has been found in the code-projects School Fees Payment System. This issue affects an unknown part of the file /branch.php. The manipulation of the Branch/Address/Detail argument leads to cross-site scripting attacks, which can be initiated remotely. The exploit for this issue has been publicly disclosed and may be used.

Recommendations: For code-projects School Fees Payment System version 1.0, consider disabling the Branch/Address/Detail argument in the /branch.php file as a temporary workaround until a patch is available. Restrict access to the /branch.php file to minimize the risk of exploitation. Avoid using the Branch/Address/Detail argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.