CVE Details
Basic Information
| Title | SourceCodester Best Salon Management System Admin Profile Page admin-profile.php cross site scripting |
|---|---|
| Type | cve |
| Published | 2025-07-07T20:32:06.290Z |
| Modified | 2025-07-07T20:56:47.976Z |
Product Information
| Vendor | SourceCodester |
|---|---|
| Product | Best Salon Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 4.8 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A cross-site scripting (XSS) vulnerability was discovered in the Admin Profile Page of SourceCodester’s Best Salon Management System version 1.0. This vulnerability allows remote attackers to inject malicious scripts via the Admin Name field, potentially leading to unauthorized actions. The issue is considered medium severity due to its impact, but the product’s niche usage may limit its overall risk. |
|---|---|
| AI Severity | Medium |
| AI Vendor | SourceCodester |
| AI Product | Best Salon Management System |
| AI Version | 1.0 |
Affected Products
- SourceCodester Best Salon Management System 1.0
Additional Information
| CWE List | CWE-79, CWE-94 |
|---|---|
| Source | VulDB |
Description
A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /panel/admin-profile.php of the component Admin Profile Page. The manipulation of the argument Admin Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.