Cross-Site Scripting Flaw in Donglight Bookstore by Donglight
CVE-2024-13197

Currently unrated

Key Information:

Vendor: Donglight
Vendor: CVE Published:; 9 January 2025

What is CVE-2024-13197?

A cross-site scripting vulnerability has been identified in the Donglight Bookstore version 1.0.0, specifically affecting the updateUser function located in the AdminUserControlle.java file. This flaw allows malicious actors to manipulate user input, leading to potential exploitation through remote attacks. The vulnerability has been publicly disclosed, which raises concerns about its impact on users and the security of the application.

References

https://github.com/donglight/bookstore/issues/13

https://github.com/donglight/bookstore/issues/13#issue-27...

https://vuldb.com/?ctiid.290789

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2025