Unrated severityNVD Advisory· Published Nov 10, 2025· Updated Nov 10, 2025
Stored XSS in Smart School
CVE-2025-41107
Description
Stored Cross Site Scripting (XSS) vulnerability in Smart School 7.0 due to lack of proper validation of user input when sending a POST request to '/online_admission', wich affects the parameters 'firstname', 'lastname', 'guardian_name' and others. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal his/her session cookie details.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: 7.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.