CVE-2025-6473 MEDIUM

CVE-2025-6473: code-projects School Fees Payment System fees.php cross site scripting

Vendor Code-Projects
Product School Fees Payment System
Weakness CWE-79 · XSS
Published June 22, 2025
Last update June 23, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /fees.php. The manipulation of the argument transcation_remark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

June 22, 2025 CVE published
June 23, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-24938 WooCommerce Currency Switcher < 1.3.7.1 - Reflected Cross-Site Scripting CVE-2024-11408 Slotti Ajanvaraus <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2023-42817 Cross-site Scripting (XSS) in pimcore admin-ui-classic-bundle translations CVE-2026-1151 technical-laohu mpay User Center cross site scripting CVE-2026-4278 Simple Download Counter <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute