CVE-2025-13784
4.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
Summary
A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| yungifez | Skuul School Management System | 2.6.0 | affected |
| yungifez | Skuul School Management System | 2.6.1 | affected |
| yungifez | Skuul School Management System | 2.6.2 | affected |
| yungifez | Skuul School Management System | 2.6.3 | affected |
| yungifez | Skuul School Management System | 2.6.4 | affected |
| yungifez | Skuul School Management System | 2.6.5 | affected |
Weaknesses
- CWE-79: Cross Site Scripting
- CWE-94: Code Injection
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
- https://vuldb.com/?id.333788
- https://vuldb.com/?ctiid.333788
- https://vuldb.com/?submit.689012
- https://gist.github.com/thezeekhan/7fc54fd44bc5f318be0350b367b2d8ff
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.