CVE-2026-47324

UNKNOWN 0.0

Stored XSS in Multiple Points in ProjectsAndPrograms school-management-system

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting (XSS) in multiple attributes of students and teachers objects. An authorized attacker (e.g., a teacher or administrator) can inject malicious JavaScript that is subsequently executed in other users’ browsers. Critically, when chained with CVE‑2025‑11661, which allows unauthenticated access to backend endpoints, this vulnerability can be exploited by a remote attacker without privileges to inject and execute arbitrary JavaScript. The maintainers were notified early about this vulnerability but did not provide details regarding affected versions. The version corresponding to commit 6b6fae5 was tested and confirmed vulnerable; other versions were not tested and may also be affected.

CWE	CWE-79
Vendor	projectsandprograms
Product	school-management-system
Published	Jun 3, 2026
Last Updated	Jun 3, 2026

Stay Ahead of the Next One

Get instant alerts for projectsandprograms school-management-system

Be the first to know when new unknown vulnerabilities affecting projectsandprograms school-management-system are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

ProjectsAndPrograms / school-management-system

6b6fae5

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cert.pl: https://cert.pl/en/posts/2026/06/CVE-2026-47324/ oranbyte.com: https://oranbyte.com/projects/school-management-system

Credits

Jakub Toczyski