🔐 CVE Alert

CVE-2026-12425

UNKNOWN 0.0

Reflected / DOM cross-site scripting (XSS) in PowerSchool ERP / Employee Access Center 23.10

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting (XSS). This issue affects Employee Access Center: 23.10. JavaScript code can be added after the login URL; it is then eval()'d in the page and executes in the context of the user.

CWE: CWE-79
Vendor: powerschool
Product: employee access center
Published: Jun 16, 2026
Last Updated: Jun 16, 2026

Affected Versions

PowerSchool / Employee Access Center
23.10

References

github.com: https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/blob/main/2026/PANW-2026-0002/PANW-2026-0002.md

Credits

Menachem (Momo) Rothbart