Skip to main content
CVE-2025-14991 LOW POC Monitor

Stored or reflected cross-site scripting (XSS) in Campcodes Complete Online Beauty Parlor Management System 1.0 allows high-privileged authenticated users to inject malicious scripts via the fromdate parameter in /admin/bwdates-reports-details.php, potentially compromising admin sessions or stealing sensitive data. Public exploit code exists, but exploitation requires admin-level privileges and user interaction (likely clicking a malicious link), limiting real-world attack surface despite CVSS 1.9 indicating minimal risk.

PHP XSS Complete Online Beauty Parlor Management System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy