CVE-2025-7142
BaseFortify
Publication date: 2025-07-07
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mayurik | best_salon_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7142 is a cross-site scripting (XSS) vulnerability in the Best Salon Management System version 1.0, specifically in the file /panel/search-appointment.php. It occurs because user input is not properly neutralized before being included in the web page output, allowing authenticated attackers to inject malicious scripts. This can be exploited remotely but requires the attacker to have valid user credentials and some user interaction. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers with valid credentials to execute malicious scripts within the application, potentially compromising system functionality and data integrity. Although the severity is rated low, it can lead to unauthorized actions or manipulation of the system through injected scripts. Exploitation requires authentication and user interaction, limiting the attack scope but still posing a risk. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying instances of the vulnerable file /panel/search-appointment.php on your system or network. One suggested method is to use Google dorking with the query "inurl:panel/search-appointment.php" to find potentially vulnerable targets. Additionally, since exploitation requires authentication and involves user-controllable input, monitoring web application logs for suspicious input patterns or script injections targeting this endpoint may help. Specific commands are not provided, but searching for the vulnerable URL or scanning for the file presence is recommended. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the affected /panel/search-appointment.php file to trusted users only, as exploitation requires authentication. Since no known mitigations or countermeasures have been published, it is suggested to replace the affected product with an alternative. Additionally, applying strict input validation and output encoding on user inputs in the affected component can help prevent XSS attacks. Monitoring for suspicious activity and limiting user privileges may also reduce risk. [2]