CVE-2025-7141 MEDIUM

CVE-2025-7141: SourceCodester Best Salon Management System Update Staff Page edit_plan.php cross site scripting

Vendor Sourcecodester

Product Best Salon Management System

Weakness CWE-79 · XSS

Published July 7, 2025

Last update July 7, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability classified as problematic was found in SourceCodester Best Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /panel/edit_plan.php of the component Update Staff Page. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

July 7, 2025 CVE published

July 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-7141 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-11332 HIPAA Compliant Forms with Drag’n’Drop HIPAA Form Builder. Sign HIPAA documents <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-40648 Stored Cross-Site Scripting (XSS) vulnerability in Issabel products CVE-2026-32859 ByteDance DeerFlow Stored XSS via Inline Artifact Rendering CVE-2026-2837 Ricerca – advanced search <= 1.1.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings CVE-2026-24674 Open eClass is Vulnerable to Reflected Cross-Site Scripting (XSS) in Multiple Endpoints