PT-2025-2054 · Unknown · Donglight Bookstore

Lvzc2 · Published 2025-01-09 · Updated 2025-01-09 · CVE-2024-13196

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: donglight bookstore version 1.0.0
Description: The issue affects the BookSearchList function in the BookInfoController.java file. It is caused by manipulation of the keywords argument, which is reflected into the response without proper encoding, leading to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Recommendations: For version 1.0.0, consider disabling the BookSearchList function until a patch is available. Restrict access to the BookInfoController.java file to minimize the risk of exploitation. Avoid using the keywords argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
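The description above names the bug class (a search keyword reflected into the page without encoding) but not the controller's actual code, which this entry does not reproduce. The following is an added illustration, not code from donglight bookstore, showing the vulnerable reflection pattern beside a hardened form that HTML-encodes the value before it reaches the response. The class, method names and the sample keyword are hypothetical and constructed for this example.

```java
import java.util.Map;
import java.util.LinkedHashMap;

// Added illustration (not the donglight bookstore's own code): a search
// keyword echoed into HTML, first unencoded, then HTML-encoded.
public class KeywordEchoExample {

    // Vulnerable pattern: the raw request parameter is concatenated into the
    // response body, so any markup inside the keyword becomes part of the page.
    static String renderSearchHeaderVulnerable(String keywords) {
        return "<h2>Results for: " + keywords + "</h2>";
    }

    // Minimal HTML text/attribute encoder for the five significant characters.
    // A template engine with auto-escaping (or a library encoder) does the
    // same job; this hand-written version keeps the example self-contained.
    static String htmlEscape(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hardened pattern: encode the untrusted value for the HTML context it is
    // placed in. The keyword is still searchable as data; only its rendering
    // changes.
    static String renderSearchHeaderHardened(String keywords) {
        return "<h2>Results for: " + htmlEscape(keywords) + "</h2>";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a plain keyword and one carrying markup.
        Map<String, String> samples = new LinkedHashMap<>();
        samples.put("plain", "java");
        samples.put("markup", "<b>java</b> & \"quotes\"");

        for (Map.Entry<String, String> e : samples.entrySet()) {
            System.out.println("[" + e.getKey() + "] vulnerable: "
                    + renderSearchHeaderVulnerable(e.getValue()));
            System.out.println("[" + e.getKey() + "] hardened:   "
                    + renderSearchHeaderHardened(e.getValue()));
        }
    }
}
```

Compile and run with `javac KeywordEchoExample.java && java KeywordEchoExample`. In the hardened output the angle brackets, ampersand and quotes appear as entities, so the browser renders the keyword as literal text rather than interpreting it as markup. Encoding must match the output context: a value inserted into a JavaScript string or a URL needs the encoder for that context, not the HTML one shown here.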

Tags: Exploit · XSS · Code Injection


Weakness Enumeration

Related Identifiers: CVE-2024-13196

Affected Products: Donglight Bookstore