Platform: php
Component: stackofvulnerabilities
Fixed in: 1.0.1
A problematic cross-site scripting (XSS) vulnerability has been identified in CampCodes School Management Software versions 1.0 to 1.0. This flaw resides within the /notice-list file, specifically impacting the handling of the 'Notice' argument. Successful exploitation could allow an attacker to inject malicious scripts into the application, potentially compromising user sessions and data. A patch is available in version 1.0.1.
The XSS vulnerability in CampCodes School Management Software allows an attacker to inject arbitrary JavaScript code into the application's web pages. This can be exploited to steal user cookies, redirect users to malicious websites, or deface the application's interface. The impact is amplified if the application is used to manage sensitive student or staff data, as an attacker could potentially gain access to this information. The remote nature of the vulnerability means an attacker does not need to be on the same network as the server to exploit it. This type of XSS is often used as a stepping stone for further attacks, such as phishing or account takeover.
This vulnerability has been publicly disclosed, increasing the risk of exploitation. No KEV listing or EPSS score is currently available. Public proof-of-concept code may emerge, further accelerating exploitation attempts. The vulnerability was published on 2025-01-24.
Schools and educational institutions using CampCodes School Management Software versions 1.0 to 1.0 are at risk. Organizations that rely on this software to manage student data or sensitive information are particularly vulnerable. Shared hosting environments where multiple websites share the same server resources could also be affected if one website is compromised.
• wordpress / composer / npm:
grep -r "Notice = [^\" >]*" /var/www/campcodes/
• generic web (a patched install must not reflect the unencoded value in the response body):
curl -si 'http://your-campcodes-server.com/notice-list?Notice=<script>alert(1)</script>'
Exploit Status
EPSS: 0.22% (45th percentile)
CISA SSVC:
CVSS-vector:
The primary mitigation for CVE-2025-0710 is to upgrade CampCodes School Management Software to version 1.0.1, which contains the fix. If upgrading immediately is not possible, consider implementing input validation and output encoding on the 'Notice' argument within the /notice-list file. Web application firewalls (WAFs) configured to detect and block XSS payloads can provide an additional layer of defense. Regularly review and sanitize user-supplied data to prevent similar vulnerabilities from being introduced.
Upgrade to a patched version of the school management software provided by the vendor. If no update is available, sanitize user input on the /notice-list page to prevent execution of malicious JavaScript. Implement validation and output encoding for the 'Notice' parameter.
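The interim mitigation described above (validate the 'Notice' parameter, then encode it at the output boundary) looks like the following in PHP. This is an added illustration, not CampCodes' own source; the function names, the allowlist rule for the filter value, and the shape of the /notice-list page are assumptions.

```php
<?php
// Added example: hardening a reflected query parameter such as 'Notice'
// on a /notice-list page. Illustrative code, not CampCodes' source; the
// function names and the assumed format of a notice title are assumptions.

declare(strict_types=1);

/**
 * Encode a value for safe insertion into HTML body or attribute context.
 * ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
 * UTF-8 instead of returning an empty string (which would hide content).
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Validate the 'Notice' filter: accept only characters a notice title would
 * plausibly contain and cap the length. Input that fails is rejected rather
 * than "cleaned", so the rule stays easy to audit. (Assumed rule; adjust to
 * the real field's format.)
 */
function validateNoticeFilter(?string $raw): ?string
{
    if ($raw === null || $raw === '') {
        return null;                       // no filter applied
    }
    if (strlen($raw) > 100 || preg_match('/\A[\p{L}\p{N} .,\-_]+\z/u', $raw) !== 1) {
        return null;                       // reject: treat as "no filter"
    }
    return $raw;
}

/**
 * Render the notice list. The vulnerable pattern, shown only for contrast:
 *     echo "<h2>Notices matching: " . $_GET['Notice'] . "</h2>";
 * Hardened: validate first, then encode every dynamic value on output.
 */
function renderNoticeList(array $query, array $notices): string
{
    $filter = validateNoticeFilter($query['Notice'] ?? null);

    $rows = '';
    foreach ($notices as $n) {
        if ($filter !== null && stripos($n['title'], $filter) === false) {
            continue;
        }
        // Stored values are encoded too: stored XSS is the same bug at a
        // different entry point.
        $rows .= '<tr><td>' . h($n['title']) . '</td><td>' . h($n['body']) . "</td></tr>\n";
    }

    $heading = $filter === null
        ? 'All notices'
        : 'Notices matching: ' . h($filter);

    return "<h2>{$heading}</h2>\n<table>\n{$rows}</table>\n";
}

/**
 * Defence in depth: a CSP without 'unsafe-inline' limits the impact of any
 * encoding slip elsewhere in the application. Must be sent before output.
 */
function securityHeaders(): array
{
    return [
        'Content-Security-Policy' => "default-src 'self'; script-src 'self'; object-src 'none'",
        'X-Content-Type-Options'  => 'nosniff',
    ];
}

// Constructed sample rows standing in for the database.
$sampleNotices = [
    ['title' => 'Exam schedule', 'body' => 'Mid-terms start 3 March.'],
    ['title' => 'Sports day',    'body' => 'Bring water & sunscreen.'],
];

if (PHP_SAPI === 'cli') {
    // Simulated request carrying the probe value from the advisory: the
    // allowlist rejects it, and even if accepted it would be encoded.
    echo renderNoticeList(['Notice' => '<script>alert(1)</script>'], $sampleNotices);
    // Simulated legitimate request.
    echo renderNoticeList(['Notice' => 'Exam'], $sampleNotices);
} else {
    foreach (securityHeaders() as $name => $value) {
        header("{$name}: {$value}");
    }
    echo renderNoticeList($_GET, $sampleNotices);
}
```

Run it with `php notice-list-example.php` to see both requests rendered: the first falls back to "All notices" because the value fails validation, the second shows the encoded heading "Notices matching: Exam". The two layers are deliberately independent: validation narrows what reaches the page, and encoding guarantees that whatever does reach it cannot change the HTML structure.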
CVE-2025-0710 is a cross-site scripting (XSS) vulnerability affecting CampCodes School Management Software versions 1.0 through 1.0, allowing attackers to inject malicious scripts.
You are affected if you are using CampCodes School Management Software version 1.0 or 1.0. Upgrade to version 1.0.1 to mitigate the risk.
Upgrade to version 1.0.1. As a temporary workaround, implement input validation and output encoding on the 'Notice' argument.
The vulnerability has been publicly disclosed, increasing the likelihood of exploitation. Active exploitation has not been confirmed.
Refer to the CampCodes website or contact their support team for the official advisory regarding CVE-2025-0710.