CVE-2025-3962

Name of the Vulnerable Software and Affected Versions withstars Books-Management-System version 1.0

Description A vulnerability was found in the withstars Books-Management-System, affecting unknown code of the file "/api/comment/add" of the component Comment Handler. The manipulation of the argument content leads to cross-site scripting. The attack can be initiated remotely. This vulnerability only affects products that are no longer supported by the maintainer.

Recommendations For withstars Books-Management-System version 1.0, as a temporary workaround, consider disabling the "/api/comment/add" API endpoint until a patch is available. Restrict access to the Comment Handler component to minimize the risk of exploitation. Avoid using the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.