CVE-2025-41107

Description

Stored Cross Site Scripting (XSS) vulnerability in Smart School 7.0 due to lack of proper validation of user input when sending a POST request to /online_admission, wich affects the parameters firstname, lastname, guardian_name and others. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal his/her session cookie details.