Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 23 Jun 2026 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Powerschool
Powerschool employee Access Center |
|
| Vendors & Products |
Powerschool
Powerschool employee Access Center |
Thu, 18 Jun 2026 04:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 16 Jun 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting (XSS). This issue affects Employee Access Center: 23.10. It is possible to add in javascript code after the login URL and have it be eval()'d in the page and execute in the context of the user. | |
| Title | Reflected / DOM cross-site scripting (XSS) in PowerSchool ERP / Employee Access Center 23.10 | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: palo_alto
Published:
Updated: 2026-06-17T15:04:57.848Z
Reserved: 2026-06-16T17:02:05.062Z
Link: CVE-2026-12425
Updated: 2026-06-17T15:04:54.461Z
Status : Awaiting Analysis
Published: 2026-06-16T20:16:28.443
Modified: 2026-06-16T20:42:25.013
Link: CVE-2026-12425
No data.
OpenCVE Enrichment
Updated: 2026-06-23T21:05:01Z