CVE-2023-3887
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk41th percentile — higher than 41% of all known CVEs
Summary
A vulnerability was found in Campcodes Beauty Salon Management System 1.0 that allows cross site scripting (XSS) attacks through manipulation of the searchdata argument in the /admin/search-appointment.php file. The attack can be launched remotely.
Risk Assessment
This vulnerability poses a risk of exploitation by malicious users to inject scripts, potentially leading to data theft or session hijacking.
Recommendation
It is recommended to update the system to the latest version that addresses this vulnerability and to implement input data filtering to prevent XSS attacks.
Original NVD description (English source)
A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235249 was assigned to this vulnerability.

