CVE.: CVE-2025-13245 GCVE.: GCVE-100-332571 Summary: Affected Product: Code-Projects Student Information System 2.0 File Affected: /editprofile.php Vulnerability Type: Cross Site Scripting (XSS) CVE ID: CVE-2025-13245 Classification: Problematic Attack Vector: Remote Exploit Availability: Yes Details: CVE Description: An unknown function of the /editprofile.php file leads to a Cross Site Scripting vulnerability due to improper handling of user input. CVE Classification: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) Advisory link: github.com Exploitability Information: The exploitability is considered easy, and the attack can be initiated remotely. Attack Technique: T1059.007 (Command and Scripting Interpreter: Web Shell) Exploit Distribution: Proof-of-Concept (PoC) exploit is available for download at github.com Search for Exploit: inurl:editprofile.php