Platform: other
Component: pocvuldb
Fixed in: 20260116.0.1
CVE-2026-1598 is a cross-site scripting (XSS) vulnerability affecting Bdtask Bhojon All-In-One Restaurant Management System versions up to 20260116. This vulnerability allows attackers to inject malicious scripts into the application, potentially compromising user accounts and data. The vulnerability resides in the User Information Module's /dashboard/home/profile endpoint. A public proof-of-concept is available, indicating a potential for widespread exploitation.
Successful exploitation of CVE-2026-1598 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious actions, including session hijacking, phishing attacks, and defacement of the restaurant management system's interface. An attacker could steal sensitive user data, such as login credentials or payment information. Given the nature of restaurant management systems, this could also impact customer data and financial records. The ability to execute code remotely significantly increases the attack surface and potential for damage.
CVE-2026-1598 has been publicly disclosed and a proof-of-concept is available, indicating a relatively high probability of exploitation. The vulnerability was reported on 2026-01-29. The vendor was contacted but did not respond. The CVSS score is LOW, suggesting the exploit may require specific conditions or user interaction, but the public availability of a PoC increases the risk.
Restaurants and food service businesses utilizing Bdtask Bhojon All-In-One Restaurant Management System, particularly those running versions prior to a patch release, are at risk. Shared hosting environments where multiple restaurants share the same instance of the software are also particularly vulnerable, as a compromise of one restaurant could impact others.
Exploit status: disclosure
EPSS: 0.03% (9th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2026-1598 is to upgrade to a patched version of Bdtask Bhojon All-In-One Restaurant Management System. Unfortunately, a fixed version is not explicitly provided in the CVE data. As a temporary workaround, consider implementing strict input validation on the fullname parameter within the /dashboard/home/profile endpoint. This should include sanitizing user input to prevent the injection of malicious scripts. Web application firewalls (WAFs) configured to detect and block XSS attacks can also provide an additional layer of protection. Review and update any existing security policies to reflect this vulnerability.
Update to a version later than 20260116, or apply the vendor-provided patch if one exists. If no official fix is available, disable or remove the affected module until a secure update is released. Validate and sanitize user input in the 'fullname' field to prevent the injection of malicious code.
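The workaround above (strict validation of the fullname parameter plus sanitization before it reaches the page) is shown below as an added example. This is illustrative Python written for this advisory, not code from Bhojon or Bdtask; the allowlist, the length limit of 80 characters, the sample stored rows and the function names are assumptions. It contrasts the unsafe pattern (raw interpolation into HTML) with the two layered controls: an allowlist check at the input side, and HTML output encoding at the sink, which also protects names that were stored before the check existed.

```python
import html
import re

# Allowlist for a display name: Latin letters (ASCII plus Latin-1 accented
# range), then letters, spaces, apostrophes, periods and hyphens, up to 80
# characters total. Assumption: tune this to the deployment's real naming
# requirements; the point is to reject '<', '>', '"', '&' and similar outright
# rather than trying to strip tags after the fact.
FULLNAME_RE = re.compile(r"^[A-Za-zÀ-ÿ][A-Za-zÀ-ÿ' .-]{0,79}$")


class InvalidFullname(ValueError):
    """Raised when a submitted fullname fails the allowlist check."""


def validate_fullname(raw: str) -> str:
    """Input-side control: accept only names matching the allowlist.

    Returns the trimmed name on success and raises InvalidFullname otherwise,
    so the caller can reject the profile update and log the attempt.
    """
    name = raw.strip()
    if not FULLNAME_RE.fullmatch(name):
        raise InvalidFullname("fullname contains disallowed characters or is too long")
    return name


def render_profile_card_unsafe(fullname: str) -> str:
    """The vulnerable shape: stored value dropped straight into HTML."""
    return '<h2 class="profile-name">' + fullname + "</h2>"


def render_profile_card(fullname: str) -> str:
    """Sink-side control: encode for the HTML text context before output.

    html.escape with quote=True turns < > & " ' into entities, so even a value
    that bypassed (or predates) validation is rendered as inert text.
    """
    return '<h2 class="profile-name">' + html.escape(fullname, quote=True) + "</h2>"


def audit_stored_names(rows):
    """Defensive sweep for data stored before the validation was in place.

    rows: iterable of (user_id, fullname). Returns the ids whose stored name
    would not pass validate_fullname today, so they can be reviewed.
    """
    flagged = []
    for user_id, fullname in rows:
        try:
            validate_fullname(fullname)
        except InvalidFullname:
            flagged.append(user_id)
    return flagged


if __name__ == "__main__":
    # Constructed sample data, not real user records.
    sample_rows = [
        (1, "Maria O'Brien-Smith"),
        (2, "<script>alert(1)</script>"),  # classic XSS probe string
        (3, "José Álvarez"),
    ]
    print("needs review:", audit_stored_names(sample_rows))
    for _, name in sample_rows:
        print(render_profile_card(name))
```

Usage note: on a profile update, call validate_fullname before persisting and treat an InvalidFullname as a rejected request worth logging; in every template that prints the name, use the encoding render path (or the framework's equivalent auto-escaping), never raw interpolation. Running audit_stored_names once after deploying the check finds accounts whose stored fullname already carries markup.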
CVE-2026-1598 is a cross-site scripting (XSS) vulnerability in Bdtask Bhojon All-In-One Restaurant Management System versions up to 20260116, allowing attackers to inject malicious scripts.
You are affected if you are using Bdtask Bhojon All-In-One Restaurant Management System version 20260116 or earlier. A patched version is needed.
Upgrade to a patched version of Bdtask Bhojon All-In-One Restaurant Management System. As a temporary workaround, implement input validation on the fullname parameter.
A public proof-of-concept exists, suggesting a potential for active exploitation. Monitor your systems for suspicious activity.
The vendor was contacted but did not respond. Check the Bdtask Bhojon website or contact their support for updates.