Platform
php
Component
03262c6ce877137b61d745a2e4fe8a63
Fixed in
1.0.1
A problematic cross-site scripting (XSS) vulnerability has been identified in Online Book Shop versions 1.0 through 1.0. This flaw resides within the /subcat.php file and allows attackers to inject malicious scripts by manipulating the 'catnm' argument. The vulnerability is remotely exploitable and has been publicly disclosed, posing a potential risk to users.
Successful exploitation of CVE-2025-0301 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the Online Book Shop application. This can lead to various malicious outcomes, including session hijacking, defacement of the website, redirection to phishing sites, and theft of sensitive user data such as login credentials or personal information. The impact is amplified if the application handles sensitive data or integrates with other systems, potentially enabling lateral movement within the network.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. While the CVSS score is LOW, the ease of exploitation and potential impact on user data warrant prompt remediation. No KEV listing or active exploitation campaigns have been publicly reported as of the publication date.
Exploit Status
EPSS
0.24% (46% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-0301 is to upgrade to version 1.0.1 of Online Book Shop, which includes the necessary fix. If immediate upgrading is not possible, consider implementing input validation and sanitization on the 'catnm' parameter within the /subcat.php file to prevent the injection of malicious scripts. Web Application Firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of protection. After upgrading, confirm the vulnerability is resolved by attempting to inject a simple XSS payload into the 'catnm' parameter and verifying that it is properly sanitized.
Update or discontinue use of Online Book Shop 1.0. Because no patched version is available, it is recommended to remove the software or implement additional security measures, such as user input validation and sanitization, to mitigate the risk of XSS.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-0301 is a cross-site scripting (XSS) vulnerability affecting Online Book Shop versions 1.0 through 1.0, allowing attackers to inject malicious scripts via the /subcat.php file.
Yes, if you are running Online Book Shop version 1.0 or 1.0, you are affected by this vulnerability and should upgrade immediately.
Upgrade to version 1.0.1 of Online Book Shop. As a temporary workaround, implement input validation and sanitization on the 'catnm' parameter.
While no active exploitation campaigns have been publicly reported, the vulnerability has been disclosed and may be targeted.
Refer to the Online Book Shop project's official website or repository for the latest security advisory regarding CVE-2025-0301.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.