CVE-2025-65136EXPLOITED

n/a · n/a

CVE-2025-65136: In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php v

Description

In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

References

https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65136/README.md

Related News (1 articles)

Tier C

VulDB6h ago

CVE-2025-65136 | manikandan580 School-management-system 1.0 POST Parameter contact-us.php pagedes cross site scripting

→ No new info (linked only)

CVSS 3.16.1 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited✅ Yes

PublishedApr 14, 2026

Last enriched5h agov2

Trending Score49

Source articles1

Independent1

Info Completeness6/14

Missing: cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2025-65135EXP

CVE-2025-65135: In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin

Trending: 56

HIGHCVE-2026-38529EXP

CVE-2026-38529: A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allo

Trending: 50

HIGHCVE-2026-38530EXP

CVE-2026-38530: A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.

Trending: 50

MEDIUMCVE-2025-65132EXP

CVE-2025-65132: alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS) in /public/admin/edit_room.php which a

Trending: 49

CRITICALCVE-2025-61260EXP

CVE-2025-61260: A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP

Trending: 48

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 14, 2026

Discovered by ZDM

Apr 14, 2026

Updated: description, severity, activelyExploited

Apr 14, 2026

Actively Exploited

Apr 14, 2026

Version History

Last enriched 5h ago

v2Tier C5h ago

Updated vendor and product information, changed severity to HIGH, and corrected exploit availability to false.

descriptionseverityactivelyExploited

via VulDB

v16h ago

Initial creation