Discussion

Sergio Medeiros

Vulnerability Operations @ Synack. InfoSec's Village Idiot. Documenting my journey of pivoting out of a decade long sales career to breaking

Sep 20, 2025

CVE-2025-57205: Stored XSS in iNiLabs School Express 6.2 (SMS Express)

Discovered by: Michael Kim & Sergio MedeirosVendor: iNiLabsProduct: School Express – School Management System (SMS Express)Affected Version: 6.2 (other versions not tested)Impact: Arbitrary JavaScript Execution (Stored XSS)Attack Type: Remote (Authen...

grumpz.net4 min read

#cve #devops #cybersecurity-1 #cybersecurity #hacking #bugbounty #bugs-and-errors #php #security #pentesting #penetration-testing #xss #owasp

Responses

No responses yet.

Search Hashnode

CVE-2025-57205: Stored XSS in iNiLabs School Express 6.2 (SMS Express)

Responses

Recent in Forum