CVE-2025-15188
📋 TL;DR
This vulnerability allows attackers to inject malicious scripts into the Campcodes Complete Online Beauty Parlor Management System 1.0 through the searchdata parameter in /admin/search-invoices.php. When exploited, it enables cross-site scripting attacks that can steal session cookies, redirect users, or deface the admin interface. Organizations using this specific software version are affected.
💻 Affected Systems
- Campcodes Complete Online Beauty Parlor Management System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal admin session cookies, gain full administrative access to the system, manipulate customer data, and potentially pivot to other systems.
Likely Case
Session hijacking leading to unauthorized access to the admin panel, data manipulation, or defacement of the interface.
If Mitigated
Limited to interface manipulation with no data compromise if proper input validation and output encoding are implemented.
🎯 Exploit Status
Exploit requires admin panel access; public disclosure increases likelihood of weaponization.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://www.campcodes.com/
Restart Required: No
Instructions:
No official patch available. Implement input validation and output encoding in /admin/search-invoices.php.
🔧 Temporary Workarounds
Input Validation Filter
Add server-side validation to sanitize the searchdata parameter
Modify /admin/search-invoices.php to filter HTML/script tags from searchdata input
Output Encoding
Encode all user-controlled output before rendering
Use htmlspecialchars() or similar functions when outputting searchdata
🧯 If You Can't Patch
- Restrict admin panel access to trusted IP addresses only
- Implement web application firewall (WAF) rules to block XSS payloads
🔍 How to Verify
Check if Vulnerable:
Test by injecting <script>alert('XSS')</script> into the searchdata parameter of /admin/search-invoices.php
Check Version:
Check software version in admin panel or configuration files
Verify Fix Applied:
Verify script injection no longer executes and input is properly sanitized
📡 Detection & Monitoring
Log Indicators:
- Unusual search queries containing script tags in admin logs
- Multiple failed login attempts followed by XSS payloads
Network Indicators:
- HTTP requests to /admin/search-invoices.php with script tags in parameters
SIEM Query:
source="web_logs" AND uri="/admin/search-invoices.php" AND (searchdata CONTAINS "<script>" OR searchdata CONTAINS "javascript:")
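The SIEM query above matches the literal tag text in the request. As an added example (not part of this advisory or the vendor's code), the following Python scans web access log lines for the same indicators after URL-decoding the searchdata value, so percent-encoded and double-encoded probes against /admin/search-invoices.php are flagged as well. The log format, IP addresses and log lines are constructed.

```python
"""Flag requests to /admin/search-invoices.php whose searchdata parameter
carries script-like content. Constructed example, not the product's code."""
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_PATH = "/admin/search-invoices.php"
# Indicators named in the advisory, checked after decoding so that
# %3Cscript%3E or %253Cscript%253E are not missed.
SUSPICIOUS = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)

# Common Log Format with the request line; the sample lines below are constructed.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})')

LOG_LINES = [
    '203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /admin/search-invoices.php?searchdata=INV-1001 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Jan/2025:10:00:09 +0000] "GET /admin/search-invoices.php?searchdata=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640',
    '198.51.100.7 - - [10/Jan/2025:10:01:20 +0000] "GET /admin/search-invoices.php?searchdata=%253Cscript%253E HTTP/1.1" 200 600',
    '198.51.100.7 - - [10/Jan/2025:10:02:00 +0000] "GET /index.php?q=%3Cscript%3E HTTP/1.1" 200 300',
]


def decode_param(value: str, rounds: int = 2) -> str:
    """Decode up to `rounds` times so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_request(target: str) -> Optional[str]:
    """Return the decoded searchdata value if it looks like a script probe, else None."""
    parts = urlsplit(target)
    if parts.path != TARGET_PATH:
        return None
    # parse_qs already applies one round of percent-decoding.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("searchdata", []):
        value = decode_param(raw)
        if SUSPICIOUS.search(value):
            return value
    return None


def scan_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, decoded_searchdata) for each matching log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        value = check_request(m.group("target"))
        if value is not None:
            hits.append((m.group("ip"), value))
    return hits
```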