{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-65134", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-14T18:03:39.903Z", "dateReserved": "2025-11-18T00:00:00.000Z", "datePublished": "2026-04-14T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-14T15:06:53.877Z"}, "descriptions": [{"lang": "en", "value": "In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65134/README.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T18:03:30.527664Z", "id": "CVE-2025-65134", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T18:03:39.903Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-65134", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T18:03:30.527664Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T18:03:35.381Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65134/README.md"}], "descriptions": [{"lang": "en", "value": "In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-14T15:06:53.877Z"}}}, "cveMetadata": {"cveId": "CVE-2025-65134", "state": "PUBLISHED", "dateUpdated": "2026-04-14T18:03:39.903Z", "dateReserved": "2025-11-18T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-14T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms/admin/contact-us.php via the email POST parameter."}], "id": "CVE-2025-65134", "lastModified": "2026-04-14T16:16:34.383", "metrics": {}, "published": "2026-04-14T16:16:34.383", "references": [{"source": "cve@mitre.org", "url": "https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65134/README.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{"analysis": {"en": {"generated_at": "2026-04-14T16:52:55.642498+00:00", "value": {"mitigation_remediation": ["Apply any vendor\u2011supplied patch or upgrade to a newer version of the School\u2011management\u2011system that removes the reflected XSS in the contact\u2011us page.", "Ensure the email POST parameter is validated and properly encoded before inclusion in any HTML output.", "Implement a Content Security Policy that disallows inline scripts and restricts script sources to trusted domains.", "Perform a security review or penetration test focused on input handling in administrative interfaces of the application."], "summary": {"action": "Apply Patch", "impact": "Reflected Cross\u2011Site Scripting (XSS)"}, "threat_synthesis": {"affected_systems": "This vulnerability affects only the 1.0 version of the School\u2011management\u2011system by the developer named manikandan580. No other vendors or product variants are listed in the advisory, and no specific CPE strings are provided.", "description_and_impact": "A reflected XSS flaw is present in the /studentms/admin/contact\u2011us.php script of the 1.0 release of manikandan580 School\u2011management\u2011system. The vulnerability arises when a value supplied in the email POST parameter is echoed back to the browser without proper encoding. If an attacker supplies malicious JavaScript in this field, the script will run in the context of an admin\u2019s browser session, potentially allowing cookie theft, session hijack, or execution of arbitrary code.", "risk_and_exploitability": "The CVSS base score is not disclosed, and EPSS data is unavailable, so a precise quantitative risk cannot be calculated. Based on the description, the flaw can be triggered remotely via an HTTP POST to the contact\u2011us page, and the email field can be supplied by an attacker. The absence of explicit authentication requirements in the advisory means it is unclear whether only authenticated users can reach the page; however, the lack of such detail allows us to infer that if the page is accessible, an attacker could craft a link or form to deliver the payload. The vulnerability is not listed in the CISA KEV catalog."}}}}, "created": "2026-04-15T15:30:06.835241+00:00", "title": "Reflected XSS via Email Parameter in School Management System 1.0", "updated": "2026-04-15T15:30:06.835260+00:00", "vendors": [], "weaknesses": ["CWE-79"]}