CVE-2025-14663 MEDIUM

CVE-2025-14663: code-projects Student File Management System update_student.php cross site scripting

Vendor Code-Projects
Product Student File Management System
Weakness CWE-79 · XSS
Published December 14, 2025
Last update December 15, 2025
View on NVD All CVEs

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was determined in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/update_student.php. Executing manipulation can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

Key dates

02Disclosure timeline

December 14, 2025 CVE published
December 15, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-62899 WordPress Photospace Responsive plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability CVE-2023-40676 WordPress Slimstat Analytics Plugin <= 5.0.8 is vulnerable to Cross Site Scripting (XSS) CVE-2020-24445 Cross-site Scripting Vulnerability in Commenting Function of Adobe Experience Manager (AEM) CVE-2023-50880 WordPress BuddyPress Plugin <= 11.3.1 is vulnerable to Cross Site Scripting (XSS) CVE-2011-10006 GamerZ WP-PostRatings wp-postratings.php cross site scripting