CVE-2025-7143
BaseFortify
Publication date: 2025-07-07
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mayurik | best_salon_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Scripting (XSS) issue in the Best Salon Management System version 1.0, specifically in the Update Tax Page (/panel/edit-tax.php). It occurs because the 'Tax Name' input is not properly sanitized, allowing authenticated attackers to inject malicious scripts. These scripts can then execute within the context of the application, potentially affecting other users or the system's behavior. [1, 2]
How can this vulnerability impact me? :
The vulnerability allows an attacker who is authenticated and interacts with the system to inject malicious scripts via the 'Tax Name' field. This can lead to unauthorized script execution, potentially compromising data integrity or causing unintended actions within the application. However, exploitation requires authentication and user interaction, and the overall severity is considered low. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying the presence of the vulnerable page /panel/edit-tax.php in the SourceCodester Best Salon Management System 1.0. One method is to use Google dorking with queries such as "inurl:panel/edit-tax.php" to find potentially vulnerable targets. Additionally, testing the "Tax Name" input field on the Update Tax Page for cross-site scripting by injecting benign script payloads can help confirm the vulnerability. Since exploitation requires authentication, scanning for this page and manual or automated testing with authenticated sessions is necessary. [2]
What immediate steps should I take to mitigate this vulnerability?
No known countermeasures or mitigations have been documented for this vulnerability. It is suggested to consider replacing the affected product with an alternative. Immediate steps include restricting access to the vulnerable page to trusted users only, monitoring for suspicious activity, and applying strict input validation and sanitization on the "Tax Name" field if possible. Since the exploit requires authentication and user interaction, limiting user privileges and educating users about phishing or social engineering attacks may reduce risk. [2]