Cross-Site Scripting Vulnerability in SourceCodester Best Salon Management System
CVE-2025-7139
Key Information:
- Vendor
Sourcecodester
- Vendor
- CVE Published:
- 7 July 2025
Badges
What is CVE-2025-7139?
A cross-site scripting vulnerability has been identified in the Best Salon Management System 1.0 by SourceCodester. An issue exists within the file /panel/edit-customer-detailed.php, specifically affecting the processing of user input in the Update Customer Details Page. The improper handling of the Name parameter allows for remote exploitation, potentially leading to malicious scripts being executed in the context of the user's browser. This vulnerability has been publicly disclosed, making it essential for users to take immediate action to secure their systems.
Affected Version(s)
Best Salon Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved