CVE-2025-0710 MEDIUM

CVE-2025-0710: CampCodes School Management Software Notice Board Page notice-list cross site scripting

Vendor Campcodes

Product School Management Software

Weakness CWE-79 · XSS

Published January 24, 2025

Last update February 12, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /notice-list of the component Notice Board Page. The manipulation of the argument Notice leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

January 24, 2025 CVE published

February 12, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-0710 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-3244 EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2025-46865 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2024-9283 RelaxedJS ReLaXed Pug to PDF Converter cross site scripting CVE-2023-2383 Netgear SRX5308 Web Management Interface cross site scripting CVE-2022-0211 Shield Security < 13.0.6 - Admin+ Stored Cross-Site Scripting