Platform: php
Component: stackofvulnerabilities
Fixed in: 1.0.1
A problematic cross-site scripting (XSS) vulnerability has been identified in CampCodes School Management Software version 1.0. This flaw resides within the /notice-list file, specifically impacting the handling of the 'Notice' argument. Successful exploitation could allow an attacker to inject malicious scripts into the application, potentially compromising user sessions and data. A patch is available in version 1.0.1.
The XSS vulnerability in CampCodes School Management Software allows an attacker to inject arbitrary JavaScript code into the application's web pages. This can be exploited to steal user cookies, redirect users to malicious websites, or deface the application's interface. The impact is amplified if the application is used to manage sensitive student or staff data, as an attacker could potentially gain access to this information. The remote nature of the vulnerability means an attacker does not need to be on the same network as the server to exploit it. This type of XSS is often used as a stepping stone for further attacks, such as phishing or account takeover.
This vulnerability has been publicly disclosed, increasing the risk of exploitation. No KEV listing or EPSS score is currently available. Public proof-of-concept code may emerge, further accelerating exploitation attempts. The vulnerability was published on 2025-01-24.
Exploit Status
EPSS: 0.22% (45th percentile)
The primary mitigation for CVE-2025-0710 is to upgrade CampCodes School Management Software to version 1.0.1, which contains the fix. If upgrading immediately is not possible, consider implementing input validation and output encoding on the 'Notice' argument within the /notice-list file. Web application firewalls (WAFs) configured to detect and block XSS payloads can provide an additional layer of defense. Regularly review and sanitize user-supplied data to prevent similar vulnerabilities from being introduced.
Update to a patched version of the school management software provided by the vendor. If no update is available, sanitize user inputs on the /notice-list page to prevent the execution of malicious JavaScript code. Implement validation and output encoding for the 'Notice' parameter.
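The workaround described above (validate the 'Notice' value on input, encode it on output), as an added PHP example that is not CampCodes code or the vendor's patch. The function names, the 500-character limit and the sample inputs are assumptions; only the 'Notice' parameter name comes from the advisory, and the code needs PHP 8 with the mbstring extension.

```php
<?php
declare(strict_types=1);

// Added example, not CampCodes code. The handler shape, the function names and
// the 500-character limit are assumptions; only the 'Notice' parameter name
// comes from the advisory.

const NOTICE_MAX_LEN = 500; // assumed business limit

/** Input validation: return the cleaned notice text, or null to reject it. */
function validate_notice(mixed $raw): ?string
{
    if (!is_string($raw)) {
        return null; // arrays (Notice[]=...) and missing values are rejected
    }
    $text = trim($raw);
    if ($text === '' || !mb_check_encoding($text, 'UTF-8')
        || mb_strlen($text, 'UTF-8') > NOTICE_MAX_LEN) {
        return null;
    }
    // Reject control characters other than tab, LF and CR.
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $text) === 1) {
        return null;
    }
    return $text;
}

/** Output encoding for an HTML text or quoted-attribute context. */
function encode_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample input standing in for $_POST['Notice'].
$samples = [
    'Exams start on Monday at 9:00.',
    '"><script>alert(1)</script>',
    ['nested' => 'array'],
];

foreach ($samples as $raw) {
    $notice = validate_notice($raw);
    if ($notice === null) {
        echo "rejected\n";
        continue;
    }
    // Validation alone lets markup characters through; encoding at render time
    // is what turns them into inert text.
    echo '<td>' . encode_html($notice) . "</td>\n";
}
```

The second sample passes validation and is only made harmless by `encode_html()`, which is why the encoding step has to sit at every place the notice is written into HTML.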
CVE-2025-0710 is a cross-site scripting (XSS) vulnerability affecting CampCodes School Management Software version 1.0, allowing attackers to inject malicious scripts.
You are affected if you are using CampCodes School Management Software version 1.0. Upgrade to version 1.0.1 to mitigate the risk.
Upgrade to version 1.0.1. As a temporary workaround, implement input validation and output encoding on the 'Notice' argument.
The vulnerability has been publicly disclosed, increasing the likelihood of exploitation. Active exploitation has not been confirmed.
Refer to the CampCodes website or contact their support team for the official advisory regarding CVE-2025-0710.