A vulnerability pertaining to Stored Cross-site Scripting (XSS) has been identified in version 1.0.1 of School-Management-System---PHP-MySQL at /subject.php . This flaw enables attackers to inject a malicious script containing JavaScript code. Subsequently, this code may be triggered upon viewing the subjects tab.