CVE-2025-51967

Name of the Vulnerable Software and Affected Versions ProjectsAndPrograms School Management System version 1.0

Description A Reflected Cross-site Scripting (XSS) issue exists in the themeSet.php file. The application does not properly sanitize user-supplied input in the theme parameter, which allows an attacker to inject and execute arbitrary JavaScript in a victim’s browser.

Recommendations As a temporary workaround, consider restricting access to the themeSet.php file until a fix is available. Ensure proper sanitization of the theme parameter to prevent the injection of malicious scripts.