关键漏洞信息 Vulnerability ID: CVE-2025-13795 Product: CodingWithElias School Management System Affected Version: Up to f1ac334bfd89ae9067cc14dea12ec6ff3f078c01 Vulnerability Type: Cross Site Scripting (XSS) CVE: CVE-2025-13795 EUVD: EUVD-2025-199939 Summary An unknown functionality of the file of the component "Edit Student Info Page" is affected by this vulnerability. manipulation of the 'First Name' argument can lead to Cross Site Scripting. The vulnerability is documented as CVE-2025-13795 and classified as problematic. The attack can be executed remotely, and an exploit is known to exist. The product implements a rolling release, making version information for affected or updated releases unavailable. Other parameters might also be affected, and the vendor did not respond to early disclosure. Details The vulnerability is classified as CWE-79, which is related to Cross Site Scripting. The product does not neutralize or incorrectly neutralizes user-controllable input before placing it in output, leading to integrity issues. The advisory is available on github.com. The exploitation of this vulnerability is considered easy. The attack can be launched remotely.