Cross Site Scripting Vulnerability in Donglight Bookstore by Donglight
CVE-2024-13196
Currently unrated
What is CVE-2024-13196?
A cross-site scripting vulnerability has been identified in Donglight Bookstore, specifically in the BookSearchList function in the file BookInfoController.java. The issue arises from improper handling of user input in the 'keywords' argument, which allows attackers to inject malicious scripts remotely. The vulnerability poses risks to users accessing the bookstore and could also lead to unauthorized data access or manipulation. This critical flaw has been publicly disclosed, heightening the urgency for users and administrators to apply necessary patches or mitigations.
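An added illustration, not code from the Donglight Bookstore project: a search keyword reflected into markup as-is, next to the same output with HTML encoding applied at the point of rendering. The class name, method names and markup are hypothetical, and the sample inputs are constructed; the project's own BookInfoController.java is not reproduced on this page.

```java
import java.util.List;

public class KeywordEncodingDemo {
    // Encode untrusted text for HTML element content and quoted attribute values.
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Unsafe pattern: the request parameter is concatenated into the page unchanged.
    static String renderUnsafe(String keywords) {
        return "<input name=\"keywords\" value=\"" + keywords + "\">"
             + "<h2>Results for " + keywords + "</h2>";
    }

    // Hardened pattern: encode on output, in both the attribute and the body context.
    static String renderSafe(String keywords) {
        String k = escapeHtml(keywords);
        return "<input name=\"keywords\" value=\"" + k + "\">"
             + "<h2>Results for " + k + "</h2>";
    }

    public static void main(String[] args) {
        // Constructed inputs: an ordinary query and one carrying markup characters.
        List<String> samples = List.of("java concurrency", "\"><i>test</i>");
        for (String s : samples) {
            System.out.println("input : " + s);
            System.out.println("unsafe: " + renderUnsafe(s));
            System.out.println("safe  : " + renderSafe(s));
        }
    }
}
```

With the second input, the unsafe rendering closes the `value` attribute and introduces a new element, while the encoded rendering keeps the whole string as inert text in both places.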