CVE-2025-7140
BaseFortify
Publication date: 2025-07-07
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mayurik | best_salon_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7140 is a Cross-Site Scripting (XSS) vulnerability in the Best Salon Management System version 1.0. It occurs in the Update Staff Page component at /panel/edit-staff.php, where the 'Staff Name' parameter does not properly neutralize user input. This allows an authenticated attacker to inject malicious scripts that execute in the context of other users. The attack requires authentication and some user interaction, and it can be launched remotely. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious scripts within the application, potentially compromising data integrity and user sessions. Since the attack requires authentication and user interaction, it could be used to manipulate or hijack user accounts, steal sensitive information, or perform unauthorized actions within the system. The exploit is publicly available and can be launched remotely, increasing the risk of exploitation. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying instances of the vulnerable page /panel/edit-staff.php in the SourceCodester Best Salon Management System 1.0. One method is to use Google dorking with the query "inurl:panel/edit-staff.php" to find potentially vulnerable targets. Additionally, authenticated testing of the "Staff Name" parameter on the /panel/edit-staff.php page by injecting benign script payloads can help confirm the presence of the XSS vulnerability. There are no specific commands provided, but using web vulnerability scanners or manual testing with curl or browser developer tools targeting the Staff Name input can be effective. [2]
What immediate steps should I take to mitigate this vulnerability?
No known mitigations or countermeasures have been documented for this vulnerability. It is suggested to replace the affected product with an alternative. As an immediate step, restricting access to the vulnerable page to trusted users only and ensuring proper input validation and sanitization on the Staff Name parameter could help reduce risk until a patch or fix is available. [2]