Platform
php
Fixed in
2.0.1
A cross-site scripting (XSS) vulnerability has been identified in code-projects Student Information System version 2.0. This flaw resides within an unknown function of the /editprofile.php file, allowing attackers to inject malicious scripts. Affected versions include 2.0, and a fix is available in version 2.0.1.
Successful exploitation of CVE-2025-13245 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to session hijacking, credential theft, defacement of the Student Information System, or redirection to malicious websites. The attacker could potentially gain access to sensitive student data, including personal information, grades, and financial details. Given the remote accessibility of the vulnerability, the blast radius extends to all users of the affected Student Information System.
A public proof-of-concept (PoC) for CVE-2025-13245 is available, indicating a relatively low barrier to entry for exploitation. The vulnerability is not currently listed on CISA KEV. The CVSS score of 3.5 (LOW) reflects the ease of exploitation and limited impact, but the availability of a PoC suggests potential for opportunistic attacks.
Exploit Status
EPSS
0.05% (15% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-13245 is to upgrade to version 2.0.1 of the Student Information System. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the /editprofile.php page to sanitize user-supplied data. Web application firewalls (WAFs) configured to detect and block XSS payloads can provide an additional layer of protection. Regularly review and update input validation routines to prevent future XSS vulnerabilities. After upgrade, confirm functionality by testing the /editprofile.php page with various input types.
Update the Student Information System to a patched version that resolves the XSS vulnerability in the editprofile.php file. If a patched version is not available, review and filter user input in editprofile.php to prevent the injection of malicious code.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-13245 is a cross-site scripting (XSS) vulnerability in Student Information System 2.0, allowing attackers to inject malicious scripts via the /editprofile.php file.
Yes, if you are using Student Information System version 2.0, you are affected by this vulnerability. Upgrade to version 2.0.1 to mitigate the risk.
The recommended fix is to upgrade to version 2.0.1. As a temporary workaround, implement input validation and output encoding on the /editprofile.php page.
While there is no confirmed widespread exploitation, a public proof-of-concept exists, suggesting potential for opportunistic attacks.
Refer to the code-projects website or relevant security mailing lists for the official advisory regarding CVE-2025-13245.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.