Cross Site Scripting Vulnerability in SourceCodester Best Salon Management System
CVE-2025-7144
Key Information:
- Vendor
Sourcecodester
- Vendor
- CVE Published:
- 7 July 2025
Badges
What is CVE-2025-7144?
A vulnerability has been identified in the SourceCodester Best Salon Management System 1.0, specifically within the /panel/admin-profile.php file of the Admin Profile Page component. This issue arises from improper handling of the Admin Name argument, leading to potential cross site scripting attacks. Attackers can exploit this vulnerability remotely, manipulating the affected code to inject malicious scripts that could be executed in the context of a user's browser. The public disclosure of this exploit raises concerns about the security of the system, urging users to take immediate precautions.
Affected Version(s)
Best Salon Management System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved