Skip to main content

Smart School Management System

1 CVEs product

Monthly

CVE-2026-4991 MEDIUM This Month

Cross-site scripting (XSS) in QDOCS Smart School Management System up to version 7.2 allows authenticated remote attackers to inject malicious scripts via the Note parameter in the /admin/enquiry endpoint of the Admission Enquiry Module, potentially compromising session integrity and user data. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), resulting in a CVSS 5.1 score with low integrity impact. No public exploit code or active exploitation has been confirmed at the time of this analysis.

XSS Smart School Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
EPSS 0% CVSS 5.1
MEDIUM This Month

Cross-site scripting (XSS) in QDOCS Smart School Management System up to version 7.2 allows authenticated remote attackers to inject malicious scripts via the Note parameter in the /admin/enquiry endpoint of the Admission Enquiry Module, potentially compromising session integrity and user data. The vulnerability requires user interaction (UI:P) and authenticated access (PR:L), resulting in a CVSS 5.1 score with low integrity impact. No public exploit code or active exploitation has been confirmed at the time of this analysis.

XSS Smart School Management System
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy