Cross-Site Scripting Vulnerability in Campcodes Online Beauty Parlor Management System
CVE-2025-13484
Key Information:
- Vendor
Campcodes
- Vendor
- CVE Published:
- 20 November 2025
Badges
What is CVE-2025-13484?
A cross-site scripting vulnerability exists in Campcodes Complete Online Beauty Parlor Management System 1.0 within the /admin/customer-list.php file. This flaw allows an attacker to manipulate the 'Name' argument, enabling them to execute arbitrary JavaScript code in the context of the user's session. The exploit is accessible publicly, posing significant risks for remote attackers aiming to compromise the integrity of the web application and its users.
Affected Version(s)
Complete Online Beauty Parlor Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved