Cross-Site Scripting Vulnerability in withstars Books-Management-System
CVE-2025-3958
Key Information:
- Vendor
Withstars
- Status
- Vendor
- CVE Published:
- 27 April 2025
Badges
What is CVE-2025-3958?
A cross-site scripting (XSS) vulnerability has been identified in the withstars Books-Management-System 1.0, specifically affecting the Book Edit Page component. This vulnerability resides in the handling of the 'Name' parameter within the file /book_edit_do.html, allowing attackers to execute arbitrary JavaScript code in the context of the user’s browser. As a result, an attacker can potentially hijack user sessions, redirect users to malicious sites, or perform other unauthorized actions. It is important to note that the affected product is no longer supported by the maintainer, which heightens the risk of exploitation. Users of the affected system should take immediate action to mitigate this vulnerability.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Books-Management-System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved