CVE-2025-7140 MEDIUM

CVE-2025-7140: SourceCodester Best Salon Management System Update Staff Page edit-staff.php cross site scripting

Vendor Sourcecodester
Product Best Salon Management System
Weakness CWE-79 · XSS
Published July 7, 2025
Last update July 8, 2025
View on NVD All CVEs

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit-staff.php of the component Update Staff Page. The manipulation of the argument Staff Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

July 7, 2025 CVE published
July 8, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-36239 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2026-12560 Editorial Rating <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Link URL' Field CVE-2025-66522 Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Digital IDs Common Name Field CVE-2025-24730 WordPress WP VR plugin <= 8.5.14 - Cross Site Scripting (XSS) vulnerability CVE-2021-24427 W3 Total Cache < 2.1.3 - Authenticated Stored XSS