CVE-2025-60782

Name of the Vulnerable Software and Affected Versions PHP Education Manager version 1.0

Description The software contains a Cross-Site Scripting (XSS) issue within the topics management module, specifically in the topics.php file. An attacker can inject malicious JavaScript payloads into the Title field when creating or updating topics. This allows for the execution of arbitrary JavaScript code within the context of other users' browsers.

Recommendations Update to a newer version that contains a fix for this vulnerability.