CVE-2023-49540

Name of the Vulnerable Software and Affected Versions Book Store Management System version 1.0

Description A cross-site scripting (XSS) issue was found in the /bsms ci/index.php/history endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the history parameter.

Recommendations For Book Store Management System version 1.0, as a temporary workaround, consider restricting access to the /bsms ci/index.php/history endpoint until a patch is available. Avoid using the history parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.