Platform: other
Component: pocvuldb
Fixed in: 20260116.0.1
CVE-2026-1598 is a cross-site scripting (XSS) vulnerability affecting Bdtask Bhojon All-In-One Restaurant Management System versions up to 20260116. This vulnerability allows attackers to inject malicious scripts into the application, potentially compromising user accounts and data. The vulnerability resides in the User Information Module's /dashboard/home/profile endpoint. A public proof-of-concept is available, indicating a potential for widespread exploitation.
Successful exploitation of CVE-2026-1598 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious actions, including session hijacking, phishing attacks, and defacement of the restaurant management system's interface. An attacker could steal sensitive user data, such as login credentials or payment information. Given the nature of restaurant management systems, this could also affect customer data and financial records. The ability to run attacker-controlled script in other users' browsers significantly widens the attack surface and the potential for damage.
CVE-2026-1598 has been publicly disclosed and a proof-of-concept is available, indicating a relatively high probability of exploitation. The vulnerability was reported on 2026-01-29. The vendor was contacted but did not respond. The CVSS score is LOW, suggesting the exploit may require specific conditions or user interaction, but the public availability of a PoC increases the risk.
Restaurants and food service businesses utilizing Bdtask Bhojon All-In-One Restaurant Management System, particularly those running versions prior to a patch release, are at risk. Shared hosting environments where multiple restaurants share the same instance of the software are also particularly vulnerable, as a compromise of one restaurant could impact others.
Exploit status: disclosure
EPSS: 0.03% (percentile 9%)
The primary mitigation for CVE-2026-1598 is to upgrade to a patched version of Bdtask Bhojon All-In-One Restaurant Management System. Unfortunately, a fixed version is not explicitly provided in the CVE data. As a temporary workaround, consider implementing strict input validation on the fullname parameter within the /dashboard/home/profile endpoint. This should include sanitizing user input to prevent the injection of malicious scripts. Web application firewalls (WAFs) configured to detect and block XSS attacks can also provide an additional layer of protection. Review and update any existing security policies to reflect this vulnerability.
Update to a version later than 20260116 or apply the vendor-supplied fix, if available. In the absence of an official solution, consider disabling or removing the affected module until a secure update is published. Validate and sanitize user input in the 'fullname' field to prevent injection of malicious code.
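The workaround above (validate the fullname field on input, neutralize it on output) as an added Python illustration. This is not Bhojon's own code (Bhojon is a PHP application) and nothing here was taken from the advisory; the handler name, the allow-list policy and the HTML fragment are assumptions chosen for the example. It shows the unsafe pattern (raw concatenation into HTML) next to the hardened one (allow-list validation plus context-appropriate escaping), which is the fix a reviewer would look for in the profile endpoint:

```python
"""Defensive handling of a profile 'fullname' field for an XSS fix.

Added example: allow-list validation on the way in, HTML escaping on the way
out.  The names and template fragment below are assumptions, not the project's.
"""
import html
import re

# Assumed policy: first character is a letter; the rest are letters, spaces,
# apostrophes, hyphens or periods; at most 100 characters in total.
# [^\W\d_] matches a Unicode letter, so accented names are accepted.
_NAME_RE = re.compile(r"[^\W\d_](?:[^\W\d_]|[ '.\-]){0,99}")


def validate_fullname(value: str) -> str:
    """Return the trimmed name if it matches the allow-list, else raise ValueError.

    Rejecting anything outside the allow-list means markup never reaches storage,
    so later templates that forget to escape have nothing dangerous to emit.
    """
    if not isinstance(value, str):
        raise ValueError("fullname must be a string")
    value = value.strip()
    if not _NAME_RE.fullmatch(value):
        raise ValueError("fullname contains characters outside the allowed set")
    return value


def is_valid_fullname(value) -> bool:
    """Boolean wrapper around validate_fullname for callers that only need yes/no."""
    try:
        validate_fullname(value)
        return True
    except ValueError:
        return False


def render_profile_vulnerable(fullname: str) -> str:
    """'Before' pattern: the stored value is concatenated straight into HTML.

    Any '<' or quote character in fullname becomes live markup in the page.
    """
    return f'<h3 class="profile-name">{fullname}</h3>'


def render_profile_hardened(fullname: str) -> str:
    """'After' pattern: escape for the HTML text context at output time.

    html.escape converts < > & " ' to entities, so the browser renders the
    characters literally instead of parsing them as tags or attributes.
    """
    return f'<h3 class="profile-name">{html.escape(fullname, quote=True)}</h3>'


def handle_profile_update(submitted: str) -> str:
    """Simulated profile handler (assumed name): validate, 'store', render safely.

    Validation and escaping are independent layers; keep both even if one
    template or one input path is later changed.
    """
    stored = validate_fullname(submitted)   # raises on disallowed input
    return render_profile_hardened(stored)  # escapes on output regardless


if __name__ == "__main__":
    # Constructed sample inputs, not real user data.
    for sample in ("Marie-Claire O'Neil", "<b>Bold Name</b>"):
        print(repr(sample), "valid:", is_valid_fullname(sample))
        print("  vulnerable:", render_profile_vulnerable(sample))
        print("  hardened:  ", render_profile_hardened(sample))
```

Escaping must match the output context: `html.escape` is correct for HTML text and quoted attribute values, but a name written into a JavaScript string or a URL needs that context's encoding instead. The allow-list is deliberately strict; loosen it only after checking what the application genuinely needs to accept.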
CVE-2026-1598 is a cross-site scripting (XSS) vulnerability in Bdtask Bhojon All-In-One Restaurant Management System versions up to 20260116, allowing attackers to inject malicious scripts.
You are affected if you are using Bdtask Bhojon All-In-One Restaurant Management System version 20260116 or earlier. A patched version is needed.
Upgrade to a patched version of Bdtask Bhojon All-In-One Restaurant Management System. As a temporary workaround, implement input validation on the fullname parameter.
A public proof-of-concept exists, suggesting a potential for active exploitation. Monitor your systems for suspicious activity.
The vendor was contacted but did not respond. Check the Bdtask Bhojon website or contact their support for updates.