Platform: java
Component: bookstore
Fixed in: 1.0.1
CVE-2024-13196 describes a cross-site scripting (XSS) vulnerability affecting the Donglight Bookstore电商书城系统说明 software. This flaw allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to session hijacking or defacement. The vulnerability affects version 1.0.0 and has been resolved in version 1.0.1.
Successful exploitation of CVE-2024-13196 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the Donglight Bookstore电商书城系统说明 platform. This can be leveraged to steal sensitive information like session cookies, redirect users to malicious websites, or modify the content of the website. The impact is amplified if the bookstore handles user credentials or financial data, as attackers could potentially gain access to these sensitive resources. The vulnerability's remote accessibility increases the potential attack surface, making it a concern for publicly accessible instances of the software.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. No specific KEV listing or EPSS score is currently available. Public proof-of-concept (POC) code may be available or emerge, further increasing the risk. The vulnerability was published on 2025-01-09.
Organizations and individuals using the Donglight Bookstore电商书城系统说明 software, particularly those with publicly accessible instances and those who haven't implemented robust input validation practices, are at risk. Shared hosting environments where multiple users share the same instance of the software are also particularly vulnerable.
• java / server:
  grep -r 'BookSearchList.java' /path/to/donglight/bookstore/
• generic web:
  curl -I https://your-bookstore-url.com/booksearch?keywords=<script>alert(1)</script>
EPSS: 0.16% (percentile 37%)
The primary mitigation for CVE-2024-13196 is to immediately upgrade to version 1.0.1 of the Donglight Bookstore电商书城系统说明 software. If upgrading is not immediately feasible, consider implementing input validation and sanitization on the 'keywords' parameter within the BookSearchList function. While not a complete solution, this can reduce the risk of successful exploitation. Review web application firewall (WAF) rules to block suspicious requests containing potentially malicious JavaScript code. Monitor application logs for unusual activity, particularly requests containing unusual characters or patterns in the 'keywords' parameter.
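The following Python script is an added example, not code from the page or from the Donglight project. It puts the two interim measures above into practice: a log-monitoring pass that extracts the 'keywords' query value from access-log lines and flags values containing HTML markup, and an output-encoding helper of the kind a BookSearchList-style handler would use before reflecting the search term into the page. The log lines are constructed for the example and assume a Combined-Log-Format layout; the parameter name 'keywords' comes from the advisory.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access log lines (Combined Log Format style); the second
# and third requests carry markup in the 'keywords' parameter, the others do not.
SAMPLE_LOG = """\
203.0.113.10 - - [09/Jan/2025:10:01:02 +0000] "GET /booksearch?keywords=spring+boot HTTP/1.1" 200 5120
203.0.113.11 - - [09/Jan/2025:10:01:05 +0000] "GET /booksearch?keywords=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 5188
203.0.113.12 - - [09/Jan/2025:10:01:09 +0000] "GET /booksearch?keywords=%3Cb%3Ejava%3C%2Fb%3E HTTP/1.1" 200 5140
203.0.113.13 - - [09/Jan/2025:10:02:00 +0000] "GET /books/42 HTTP/1.1" 200 9001
"""

# Client IP, timestamp, method and request target of one access-log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"'
)

# Heuristic: a book-title search has no reason to contain an HTML tag,
# an inline event-handler attribute, or a javascript: URL.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)


def keywords_from_target(target):
    """Return the decoded 'keywords' query value, or None if the request has none."""
    parts = urlsplit(target)
    values = parse_qs(parts.query, keep_blank_values=True).get("keywords")
    if not values:
        return None
    # parse_qs already percent-decodes once; decode again so a double-encoded
    # value is inspected in the form the application will eventually see.
    return unquote(values[0])


def is_suspicious(keywords):
    """True when the search term looks like markup rather than a title or author."""
    return bool(MARKUP_RE.search(keywords))


def scan_log(text):
    """Return (ip, timestamp, decoded keywords) for every request whose search term looks like markup."""
    hits = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # not an access-log line we understand; skip rather than guess
        keywords = keywords_from_target(match.group("target"))
        if keywords is not None and is_suspicious(keywords):
            hits.append((match.group("ip"), match.group("ts"), keywords))
    return hits


def render_search_term(keywords):
    """Hardened reflection: HTML-escape the term (including quotes) before it reaches the page."""
    return "<p>Results for: " + html.escape(keywords, quote=True) + "</p>"


if __name__ == "__main__":
    for ip, ts, keywords in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} suspicious keywords={keywords!r}")
    print(render_search_term("<script>alert(1)</script>"))
```

The detector is deliberately a coarse filter meant for triage, not a replacement for the upgrade: encoding on output (as in render_search_term) is what actually neutralises the reflected value, while the log scan only tells you who has been probing the parameter.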
Upgrade to a patched version of the software. Contact the vendor to obtain the fixed version, or apply the recommended security measures to mitigate the XSS vulnerability.
CVE-2024-13196 is a cross-site scripting (XSS) vulnerability in Donglight Bookstore电商书城系统说明 version 1.0.0, allowing attackers to inject malicious scripts.
If you are using Donglight Bookstore电商书城系统说明 version 1.0.0, you are potentially affected by this vulnerability.
Upgrade to version 1.0.1 of Donglight Bookstore电商书城系统说明 to resolve the vulnerability. Input validation is a temporary workaround.
The vulnerability has been publicly disclosed, increasing the likelihood of exploitation. Active exploitation is possible.
Refer to the vendor's official advisory for Donglight Bookstore电商书城系统说明 for detailed information and updates regarding CVE-2024-13196.