Caigosec

**Name of the Vulnerable Software and Affected Versions** withstars Books-Management-System version 1.0 **Description** A critical issue affects an unknown functionality of the file /allreaders.html in the Background Interface component, leading to missing authorization. The attack can be launched remotely, and the exploit has been disclosed to the public. This issue only affects products that are no longer supported by the maintainer. **Recommendations** As a temporary workaround, consider disabling access to the /allreaders.html file until a patch is available. Restrict access to the Background Interface component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** withstars Books-Management-System version 1.0 **Description** A vulnerability has been found in withstars Books-Management-System. This affects an unknown part of the file "/admin/article/add/do". The manipulation of the argument `Title` leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This issue only affects products that are no longer supported by the maintainer. **Recommendations** As a temporary workaround, consider disabling access to the "/admin/article/add/do" endpoint until a patch is available. Restrict the use of the `Title` argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** withstars Books-Management-System version 1.0 **Description** A vulnerability was found in the withstars Books-Management-System, affecting unknown code of the file "/api/comment/add" of the component Comment Handler. The manipulation of the argument content leads to cross-site scripting. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer. **Recommendations** For withstars Books-Management-System version 1.0, as a temporary workaround, consider disabling the "/api/comment/add" API endpoint until a patch is available. Restrict access to the Comment Handler component to minimize the risk of exploitation. Avoid using the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** withstars Books-Management-System version 1.0 **Description** A critical issue has been found in the Background Interface of the withstars Books-Management-System, affecting the file /admin/article/list. This issue leads to missing authorization, allowing for remote attacks. The exploit has been disclosed publicly. This vulnerability only affects products that are no longer supported by the maintainer. **Recommendations** For withstars Books-Management-System version 1.0, as a temporary workaround, consider disabling access to the /admin/article/list file until a patch is available. Restrict access to the Background Interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** withstars Books-Management-System version 1.0 **Description** A problematic issue was found in the software, affecting an unknown function of the `/api/article/del` API endpoint of the Article Handler component. This issue leads to cross-site request forgery and can be exploited remotely. The exploit has been disclosed publicly. **Recommendations** For withstars Books-Management-System version 1.0, as the product is no longer supported by the maintainer, there is no information about a newer version that contains a fix for this issue.