{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-14991","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-12-20T07:48:52.936Z","datePublished":"2025-12-21T03:32:08.281Z","dateUpdated":"2026-02-24T05:59:34.876Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-02-24T05:59:34.876Z"},"title":"Campcodes Complete Online Beauty Parlor Management System bwdates-reports-details.php cross site scripting","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"Cross Site Scripting"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-94","lang":"en","description":"Code Injection"}]}],"affected":[{"vendor":"Campcodes","product":"Complete Online Beauty Parlor Management System","versions":[{"version":"1.0","status":"affected"}],"cpes":["cpe:2.3:a:campcodes:complete_online_beauty_parlor_management_system:*:*:*:*:*:*:*:*"]}],"descriptions":[{"lang":"en","value":"A weakness has been identified in Campcodes Complete Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/bwdates-reports-details.php. Executing a manipulation of the argument fromdate can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":4.8,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":2.4,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":2.4,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":3.3,"vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-12-20T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-12-20T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-12-31T00:48:36.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"E1nzbren (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.337685","name":"VDB-337685 | Campcodes Complete Online Beauty Parlor Management System bwdates-reports-details.php cross site scripting","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.337685","name":"VDB-337685 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.718458","name":"Submit #718458 | campcodes Complete Online Beauty Parlor Management System V1.0 cross site scripting","tags":["third-party-advisory"]},{"url":"https://github.com/funnnxxx/my-cve/issues/1","tags":["exploit","issue-tracking"]},{"url":"https://www.campcodes.com/","tags":["product"]}],"tags":["x_freeware"]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-22T14:59:19.265855Z","id":"CVE-2025-14991","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-22T14:59:36.123Z"}}]}}