Y1Fan

**Name of the Vulnerable Software and Affected Versions** iJason-Liu Books Manager (affected versions not specified) **Description** A cross site scripting issue exists in the file `controllers/books center/add book check.php`. Manipulation of the `mark` argument can lead to exploitation. The attack can be launched remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iJason-Liu Books Manager versions prior to 298ba736387ca37810466349af13a0fdf828e99c **Description** A flaw exists in iJason-Liu Books Manager that allows for unrestricted file uploads. This issue is related to the manipulation of the `book cover` argument within the file controllers/books center/upload bookCover.php. The attack can be initiated remotely. The exploit has been publicly released. **Recommendations** Versions prior to 298ba736387ca37810466349af13a0fdf828e99c should be updated. As a temporary workaround, restrict access to the file `controllers/books center/upload bookCover.php` until a patch is available. Avoid uploading files through the `book cover` parameter until the issue is resolved.