CVE-2025-0581

Name of the Vulnerable Software and Affected Versions CampCodes School Management Software version 1.0

Description A problematic issue has been found in the Chat History component of the software, specifically affecting an unknown part of the file /chat/group/send. The manipulation of the message argument leads to cross-site scripting attacks, which can be initiated remotely. An exploit has been made public and is available for use.

Recommendations For CampCodes School Management Software version 1.0, consider disabling the /chat/group/send endpoint or restricting access to it until a patch is available. As a temporary workaround, avoid using the message argument in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.