GHSA-92x3-mfjp-j3h3

Source

https://github.com/advisories/GHSA-92x3-mfjp-j3h3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-92x3-mfjp-j3h3/GHSA-92x3-mfjp-j3h3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-92x3-mfjp-j3h3

Aliases

CVE-2025-13784

Published

2025-11-30T09:30:18Z

Modified

2025-12-08T22:42:58.534886Z

Severity

2.4 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
1.9 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator

Summary

yungifez Skuul School Management System vulnerable to XSS via SVG

Details

A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed_at": "2025-12-08T22:16:09Z",
    "nvd_published_at": "2025-11-30T07:15:44Z",
    "severity": "LOW",
    "github_reviewed": true
}

References

Affected packages

Packagist / yungifez/skuul

Package

Name: yungifez/skuul
Purl: pkg:composer/yungifez/skuul

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.6.5

Affected versions

V1.*

V1.0.3

V2.*

V2.6.4

v0.*

v0.0.1

v0.1.0

v0.2.0

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.0.10

v1.0.11

v1.0.12

v1.0.13

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.1.7

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.5.0

v1.5.1

v1.6.0

v1.6.1

v1.6.2

v1.6.3

v1.6.4

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.2.0

v2.3.0

v2.3.1

v2.3.2

v2.3.3

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.5.0

v2.5.1

v2.5.2

v2.5.3

v2.5.4

v2.5.5

v2.5.6

v2.5.7

v2.5.8

v2.5.9

v2.5.10

v2.5.11

v2.5.12

v2.5.13

v2.5.14

v2.5.15

v2.5.16

v2.5.17

v2.6.0

v2.6.1

v2.6.2

v2.6.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-92x3-mfjp-j3h3/GHSA-92x3-mfjp-j3h3.json"