CVE-2023-3890
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk39th percentile — higher than 39% of all known CVEs
Summary
A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 that allows cross site scripting via manipulation of the id argument in the /admin/edit-accepted-appointment.php file. The attack can be initiated remotely.
Risk Assessment
This vulnerability may lead to user data theft and session hijacking, posing a significant security risk to the organization.
Recommendation
It is recommended to update the system to the latest version and implement proper input sanitization filters to minimize the risk of XSS attacks.
Original NVD description (English source)
A vulnerability classified as problematic has been found in Campcodes Beauty Salon Management System 1.0. This affects an unknown part of the file /admin/edit-accepted-appointment.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235251.

