CVE-2025-67978

Name of the Vulnerable Software and Affected Versions FixBD Educare versions through 1.6.1

Description The software contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-site Scripting (XSS) issue. This allows for the injection of malicious scripts into web pages. The vulnerable component does not properly sanitize user-supplied input before including it in the generated web page, potentially enabling an attacker to execute arbitrary JavaScript code in the context of a user's browser. The affected application does not neutralize input, leading to potential execution of malicious code.

Recommendations Update FixBD Educare to a version newer than 1.6.1.