CVE-2025-7139
BaseFortify
Publication date: 2025-07-07
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mayurik | best_salon_management_system | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7139 is a cross-site scripting (XSS) vulnerability in the Best Salon Management System version 1.0, specifically in the update customer details page (/panel/edit-customer-detailed.php). It occurs due to improper neutralization of user input in the 'Name' argument, allowing authenticated attackers to inject malicious scripts. These scripts can then execute in the context of other users viewing the page, potentially compromising the system's functionality. [1, 2]
How can this vulnerability impact me?
This vulnerability can allow an authenticated attacker to inject malicious JavaScript code into the customer details update page. When other users view the affected page, the malicious script executes in their browsers, which can lead to session hijacking, unauthorized actions, or other malicious activities. Although the severity is rated as low to moderate, exploitation can compromise system integrity and user trust. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable page `/panel/edit-customer-detailed.php` in the SourceCodester Best Salon Management System 1.0. One method is to use Google dorking with the query `inurl:panel/edit-customer-detailed.php` to find potentially vulnerable targets. Additionally, scanning your web server for this specific URL or file can help identify if your system is affected. Since the vulnerability involves cross-site scripting via the 'Name' parameter, testing input fields on this page for script injection can also help detect the issue. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable page to trusted users only, as exploitation requires authentication. Since no known mitigations or countermeasures have been documented, it is recommended to replace the affected product with an alternative solution to avoid exploitation. Additionally, applying input validation and sanitization on the 'Name' parameter in the `/panel/edit-customer-detailed.php` page can help prevent cross-site scripting attacks. Monitoring and limiting user input on this page is advised until a patch or update is available. [2]
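The mitigation above (validate the 'Name' parameter and encode it before it is placed in the page) is illustrated below with an added PHP example. It is not code from the Best Salon Management System or from BaseFortify; the page structure, function names and the constructed input value are assumptions, chosen to show the difference between writing a stored name straight into HTML and encoding it for the attribute context it lands in.

```php
<?php
// Added example (not the Best Salon Management System's own code): a hypothetical
// "edit customer" page that renders a stored customer name back into HTML. The
// unsafe and hardened renderers are shown side by side; run with `php example.php`.

declare(strict_types=1);

/**
 * Unsafe pattern, for illustration only: the name is concatenated straight into
 * the HTML, so any markup in the stored value is interpreted by the browser of
 * whoever views the page (the CWE-79 condition in the record above).
 */
function render_name_unsafe(string $name): string
{
    return '<input type="text" name="name" value="' . $name . '">';
}

/**
 * Output encoding for an HTML attribute context. ENT_QUOTES encodes both ' and ",
 * ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of returning an empty
 * string, and the explicit charset avoids depending on the default_charset ini value.
 */
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened renderer: same markup, but the value is encoded at the point of output. */
function render_name_safe(string $name): string
{
    return '<input type="text" name="name" value="' . html_attr($name) . '">';
}

/**
 * Server-side validation of the field itself, applied before the value is stored.
 * A customer name has a narrow legitimate shape, so reject anything else. This is
 * a second layer and does not replace output encoding. Returns null on rejection.
 */
function validate_customer_name(string $raw): ?string
{
    $name = trim($raw);
    if ($name === '' || mb_strlen($name, 'UTF-8') > 100) {
        return null;
    }
    // Letters in any script, combining marks, digits, spaces and common name punctuation.
    if (!preg_match('/^[\p{L}\p{M}\p{N} .\'-]+$/u', $name)) {
        return null;
    }
    return $name;
}

// Constructed input (an assumption, not a value from the advisory) of the kind a
// hostile request could submit in the Name field.
$constructedInput = '"><script>alert(1)</script>';

echo "Unsafe: " . render_name_unsafe($constructedInput) . PHP_EOL;
echo "Safe:   " . render_name_safe($constructedInput) . PHP_EOL;

// Validation rejects the constructed value but accepts an ordinary name.
var_dump(validate_customer_name($constructedInput));
var_dump(validate_customer_name("Ana-Maria O'Neill"));
```

The encoding function is the control that closes the CWE-79 condition for this page: the stored value still contains the angle brackets and quotes, but they reach the browser as entities and are displayed rather than parsed. The validation routine narrows what gets stored in the first place, which also limits the CWE-94 concern if the same value is ever used to build code elsewhere; it is deliberately strict, so adjust the character class to the name formats your customers actually use before deploying it.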