Cross Site Scripting Vulnerability in Code-Projects Online Book Shop 1.0
CVE-2025-0295
Key Information:
- Vendor
- Code-projects
- Status
- Vendor
- CVE Published:
- 7 January 2025
Badges
Summary
A cross site scripting (XSS) vulnerability exists in Code-Projects Online Book Shop 1.0, specifically within the file /booklist.php?subcatid=1. The vulnerability arises from improper handling of the 'subcatnm' parameter, which allows attackers to inject malicious scripts. This vulnerability is particularly concerning as it can be exploited remotely, potentially leading to unauthorized access or manipulation of session data. Awareness and prompt mitigation strategies are crucial, as the exploit details have been made public.
Affected Version(s)
Online Book Shop 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved