Platform
php
Component
books-manager
Fixed in
298.0.1
CVE-2026-1444 describes a cross-site scripting (XSS) vulnerability discovered in iJason-Liu Books_Manager. This flaw allows attackers to inject malicious scripts into the application, potentially leading to session hijacking or defacement. The vulnerability affects versions up to 298ba736387ca37810466349af13a0fdf828e99c. Due to the lack of versioning, a direct patch is unavailable.
An attacker can exploit this XSS vulnerability by crafting a malicious URL containing a specially crafted 'mark' parameter within the controllers/bookscenter/addbookcheck.php file. When a user visits this URL, the injected script will execute in their browser context. This could allow the attacker to steal session cookies, redirect the user to a phishing site, or modify the content of the page. The remote nature of the vulnerability means an attacker does not need to be authenticated to exploit it, expanding the potential attack surface. The impact is amplified if the BooksManager application is used in a sensitive context, such as handling user data or financial transactions.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. The lack of a direct patch makes it a higher priority for mitigation. No KEV listing or EPSS score is currently available. Public proof-of-concept exploits are likely to emerge given the vulnerability's public disclosure and ease of exploitation.
Organizations and individuals using iJason-Liu Books_Manager, particularly those hosting the application on shared hosting environments or without robust security controls, are at increased risk. Systems where user input is not properly validated are especially vulnerable.
• generic web: Use curl to test the controllers/bookscenter/addbook_check.php endpoint with various payloads in the mark parameter. Look for reflected input in the response.
curl 'http://your-books-manager-url/controllers/books_center/add_book_check.php?mark=<script>alert("XSS")</script>'
• generic web: Examine access and error logs for suspicious requests targeting controllers/bookscenter/addbook_check.php with unusual parameters.
• generic web: Review response headers for any signs of XSS filtering or sanitization.
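As an added example (not from the advisory or the Books_Manager project), the PHP script below applies the log-review step above to constructed access-log lines: it isolates requests to the endpoint and flags those whose decoded `mark` value contains markup. The endpoint spellings (the advisory writes the path more than one way), the marker list and the sample lines are assumptions for the demo; PHP 8 is assumed for `str_ends_with` and `str_contains`.

```php
<?php
// Added example, not part of the advisory or the Books_Manager project: scan
// access-log lines for requests to the affected endpoint whose 'mark'
// parameter carries markup. The log lines at the bottom are constructed.

declare(strict_types=1);

// File-name stems to watch; the advisory spells the endpoint path in more than
// one way, so match on the stem rather than the full path (assumption).
const TARGET_STEMS = ['add_book_check.php', 'addbook_check.php'];

// Substrings that, after URL decoding, indicate markup or script in the value.
const SUSPICIOUS_MARKERS = ['<', '>', 'javascript:', 'onerror', 'onload', 'script'];

/**
 * Extract "path?query" from a combined-format log line.
 * Returns null when the line does not contain a request line.
 */
function extractRequest(string $line): ?string
{
    if (preg_match('/"(?:GET|POST|HEAD)\s+(\S+)\s+HTTP\/[\d.]+"/', $line, $m) !== 1) {
        return null;
    }
    return $m[1];
}

/**
 * Decide whether one log line is a suspicious probe of the endpoint.
 * Returns the (once-decoded) 'mark' value when it is, or null otherwise.
 */
function suspiciousMark(string $line): ?string
{
    $request = extractRequest($line);
    if ($request === null) {
        return null;
    }
    $path  = parse_url($request, PHP_URL_PATH);
    $query = parse_url($request, PHP_URL_QUERY);
    if (!is_string($path) || !is_string($query) || $query === '') {
        return null;
    }

    $hit = false;
    foreach (TARGET_STEMS as $stem) {
        if (str_ends_with($path, $stem)) {
            $hit = true;
            break;
        }
    }
    if (!$hit) {
        return null;
    }

    parse_str($query, $params);          // parse_str URL-decodes the values once
    $mark = $params['mark'] ?? null;
    if (!is_string($mark)) {
        return null;                     // absent, or mark[] array syntax
    }
    // Decode a second time so a double-encoded payload is still recognised.
    $decoded = strtolower(rawurldecode($mark));
    foreach (SUSPICIOUS_MARKERS as $marker) {
        if (str_contains($decoded, $marker)) {
            return $mark;
        }
    }
    return null;
}

/** Run the check over many lines; returns [line number => decoded mark]. */
function scanLog(array $lines): array
{
    $findings = [];
    foreach ($lines as $i => $line) {
        $mark = suspiciousMark($line);
        if ($mark !== null) {
            $findings[$i + 1] = $mark;
        }
    }
    return $findings;
}

// Constructed sample log lines (combined format); IPs, times and agents are invented.
$sampleLog = [
    '198.51.100.7 - - [10/Jan/2026:10:00:01 +0000] "GET /controllers/books_center/add_book_check.php?mark=abc123 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2026:10:00:05 +0000] "GET /controllers/books_center/add_book_check.php?mark=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 734 "-" "curl/8.4.0"',
    '203.0.113.9 - - [10/Jan/2026:10:00:09 +0000] "GET /index.php?mark=%3Cb%3Ehi%3C%2Fb%3E HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jan/2026:10:00:12 +0000] "GET /controllers/bookscenter/addbook_check.php?mark=%253Cimg%2520onerror%253D1%253E HTTP/1.1" 403 0 "-" "python-requests/2.31"',
];

foreach (scanLog($sampleLog) as $lineNo => $mark) {
    printf("line %d: suspicious mark=%s\n", $lineNo, $mark);
}
```

Only the second and fourth sample lines are reported: the first carries a plain value and the third targets a different file. A 403 on the fourth line (as a WAF would return) is still worth surfacing, since repeated blocked probes of one endpoint are the signal that someone is working on it.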
disclosure
Exploit status
EPSS
0.03% (9th percentile)
CISA SSVC
CVSS vector
Since a direct patch is unavailable, mitigation strategies focus on preventing the vulnerability from being exploited. Implement strict input validation on the 'mark' parameter in controllers/bookscenter/addbook_check.php, ensuring that it only accepts expected values. Deploy a Web Application Firewall (WAF) with rules to detect and block XSS attempts targeting this specific endpoint. Consider using a Content Security Policy (CSP) to restrict the sources from which scripts can be executed, limiting the impact of a successful XSS attack. Regularly review and sanitize user-supplied input throughout the application. After implementing these mitigations, test the application thoroughly to ensure that the vulnerability is no longer exploitable.
Update Books_Manager to a version later than 298ba736387ca37810466349af13a0fdf828e99c. If no such version is available, review the code in controllers/books_center/add_book_check.php and fix the cross-site scripting vulnerability in the 'mark' argument. Apply proper validation and sanitization to user input to prevent malicious code injection.
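One way to carry out the validation, output-encoding and CSP advice above, shown as an added PHP example (this is not the project's code; the pattern `mark` is required to match, and the unsafe reflection shown for contrast, are assumptions chosen for illustration):

```php
<?php
// Added example (not code from the Books_Manager project): handling a reflected
// query parameter such as 'mark' so that it cannot carry markup back into the
// page. The parameter's expected shape is an assumption for illustration.

declare(strict_types=1);

// Assumption: 'mark' is a short alphanumeric marker. Adjust the pattern to
// whatever the real endpoint actually accepts; the point is an allowlist.
const MARK_PATTERN = '/\A[A-Za-z0-9_-]{1,32}\z/';

/**
 * Validate the raw parameter against the allowlist pattern.
 * Returns the value unchanged when it matches, or null when it does not.
 */
function validateMark(?string $raw): ?string
{
    if ($raw === null || preg_match(MARK_PATTERN, $raw) !== 1) {
        return null;
    }
    return $raw;
}

/**
 * Escape a value for insertion into an HTML text node or quoted attribute.
 * ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE avoids silently
 * dropping output on invalid UTF-8.
 */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Illustrative anti-pattern (hypothetical, not taken from the project):
 * raw reflection of user input into HTML is what produces a reflected XSS.
 */
function renderUnsafe(string $mark): string
{
    return '<p>Book check result for mark: ' . $mark . '</p>';
}

/**
 * Hardened variant: reject values outside the allowlist instead of trying to
 * "clean" them, and encode whatever is emitted.
 */
function renderSafe(?string $rawMark): string
{
    $mark = validateMark($rawMark);
    if ($mark === null) {
        return '<p>Invalid mark parameter.</p>';
    }
    return '<p>Book check result for mark: ' . escapeHtml($mark) . '</p>';
}

/**
 * Defence-in-depth headers. A CSP whose script-src omits 'unsafe-inline'
 * keeps an injected inline <script> from running even if encoding is
 * missed somewhere else in the application.
 */
function securityHeaders(): array
{
    return [
        "Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'",
        'X-Content-Type-Options: nosniff',
    ];
}

// Constructed input: the same kind of value the curl check above sends.
$constructedInput = '<script>alert("XSS")</script>';
echo 'unsafe: ' . renderUnsafe($constructedInput) . PHP_EOL;
echo 'safe:   ' . renderSafe($constructedInput) . PHP_EOL;
echo 'safe:   ' . renderSafe('abc_123') . PHP_EOL;

// In a real request handler the headers go out before any output.
if (PHP_SAPI !== 'cli') {
    foreach (securityHeaders() as $header) {
        header($header);
    }
    echo renderSafe($_GET['mark'] ?? null);
}
```

Run from the command line, the script prints the constructed payload unchanged from `renderUnsafe` and an "Invalid mark parameter." line from `renderSafe`, which is the behaviour the allowlist is meant to produce. The order matters: validation first narrows what the application accepts at all, and `htmlspecialchars` on output covers any path where a value that passed validation is later rendered in a different context.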
CVE-2026-1444 is a cross-site scripting (XSS) vulnerability affecting iJason-Liu Books_Manager versions up to 298ba736387ca37810466349af13a0fdf828e99c, allowing attackers to inject malicious scripts.
If you are using iJason-Liu Books_Manager version 298ba736387ca37810466349af13a0fdf828e99c or earlier, you are potentially affected by this vulnerability.
Due to the lack of versioning, a direct patch is unavailable. Mitigate by implementing input validation, WAF rules, and a Content Security Policy.
The vulnerability has been publicly disclosed, increasing the likelihood of exploitation. Active exploitation is possible.
Consult the iJason-Liu Books_Manager project repository or contact the vendor directly for any available advisories.