CVE-2026-12425

Vulnerability Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting (XSS). This issue affects Employee Access Center: 23.10. It is possible to add in javascript code after the login URL and have it be eval()'d in the page and execute in the context of the user.

Vulnerability Details

Published Date

June 16, 2026

Last Modified

June 16, 2026

CWE ID

CWE-79

Source

NVD

Vendor

PowerSchool

Product

Employee Access Center

External References

https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/blob/main/2026/PANW-2026-0002/PANW-2026-0002.md

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment