PatchSiren

PowerSchool CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM PowerSchool CVE published 2026-06-16

CVE-2026-12425

A Cross-Site Scripting (XSS) vulnerability, known as Improper Neutralization of Input During Web Page Generation, has been discovered in PowerSchool Employee Access Center version 23.10. This vulnerability allows an attacker to add JavaScript code after the login URL, which is then evaluated and executed in the context of the user.