CVE-2025-65134: In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms

Description

In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter.

Affected Products

Vendor	Product	Versions
manikandan580	school-management-system	n/a

References

https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65134/README.md

Related News (1 articles)

Tier C

VulDB1d ago

CVE-2025-65134 | manikandan580 School-management-system 1.0 POST Parameter contact-us.php email cross site scripting

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

PublishedApr 14, 2026

Last enriched23h agov2

Trending Score42

Source articles1

Independent1

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (3)

CRITICALCVE-2025-65135

Version History

Last enriched 23h ago

v2Tier C23h ago

Updated vendor to manikandan580, product to School-management-system, severity to HIGH, and added CWE-79 while correcting exploit availability to false.

descriptionseveritycweIdsactivelyExploited

via VulDB

v11d ago

Initial creation