CVE-2025-6569 MEDIUM

CVE-2025-6569: code-projects School Fees Payment System student.php cross site scripting

Vendor Code-Projects

Product School Fees Payment System

Weakness CWE-79 · XSS

Published June 24, 2025

Last update June 24, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. Affected by this vulnerability is an unknown functionality of the file /student.php. The manipulation of the argument sname/contact/about/emailid/transcation_remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

June 24, 2025 CVE published

June 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-6569 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-43713 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2026-27156 NiceGUI has XSS via Code Injection CVE-2026-3369 Better Find and Replace – AI-Powered Suggestions <= 1.7.9 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Title CVE-2023-30493 WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS) CVE-2025-39363 WordPress Custom Login and Registration <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability