CVE Catalog

CVE-2023-3890

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.51%

39th percentile — higher than 39% of all known CVEs

Summary

A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 that allows cross site scripting via manipulation of the id argument in the /admin/edit-accepted-appointment.php file. The attack can be initiated remotely.

Risk Assessment

This vulnerability may lead to user data theft and session hijacking, posing a significant security risk to the organization.

Recommendation

It is recommended to update the system to the latest version and implement proper input sanitization filters to minimize the risk of XSS attacks.

Original NVD description (English source)

A vulnerability classified as problematic has been found in Campcodes Beauty Salon Management System 1.0. This affects an unknown part of the file /admin/edit-accepted-appointment.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235251.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS