CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0342 – CampCodes Computer Laboratory Management System edit cross site scripting
https://notcve.org/view.php?id=CVE-2025-0342
09 Jan 2025 — A vulnerability, which was classified as problematic, was found in CampCodes Computer Laboratory Management System 1.0. This affects an unknown part of the file /class/edit/edit. The manipulation of the argument s_lname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/shaturo1337/POCs/blob/main/Stored%20XSS%20Vulnerability%20in%20Computer%20Laboratory%20Management%20System.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0341 – CampCodes Computer Laboratory Management System edit unrestricted upload
https://notcve.org/view.php?id=CVE-2025-0341
09 Jan 2025 — A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. Affected by this issue is some unknown functionality of the file /class/edit/edit. The manipulation of the argument e_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/shaturo1337/POCs/blob/main/Remote%20Code%20Execution%20via%20Arbitrary%20File%20Upload%20in%20Computer%20Laboratory%20Management%20System.md • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •