PT-2025-45608 · Unknown · Smart School

Published 2025-11-10 · Updated 2025-11-10 · CVE-2025-41107

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Smart School version 7.0

Description

A stored cross-site scripting (XSS) issue exists in Smart School version 7.0. It is caused by insufficient validation of user-supplied data sent in a POST request to the '/online admission' API endpoint. The parameters firstname, lastname, and guardian name, among others, are affected. A remote attacker could send a malicious query to an authenticated user, potentially leading to the theft of session cookie details.

Recommendations

Versions prior to 7.0 should be used.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-41107

Affected Products

Smart School