CVE-2023-49539

Name of the Vulnerable Software and Affected Versions Book Store Management System version 1.0

Description The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the category parameter in the "/bsms ci/index.php/category" API endpoint. This enables the execution of malicious code on the client-side.

Recommendations For Book Store Management System version 1.0, as a temporary workaround, consider restricting access to the "/bsms ci/index.php/category" API endpoint to minimize the risk of exploitation. Avoid using the category parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.