Platform: php
Component: 03262c6ce877137b61d745a2e4fe8a63
Fixed in: 1.0.1
A cross-site scripting (XSS) vulnerability has been identified in Online Book Shop version 1.0. The flaw resides in the /subcat.php file and allows attackers to inject malicious scripts by manipulating the 'catnm' argument. The vulnerability is remotely exploitable and has been publicly disclosed, posing a potential risk to users.
Successful exploitation of CVE-2025-0301 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the Online Book Shop application. This can lead to various malicious outcomes, including session hijacking, defacement of the website, redirection to phishing sites, and theft of sensitive user data such as login credentials or personal information. The impact is amplified if the application handles sensitive data or integrates with other systems, potentially enabling lateral movement within the network.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. While the CVSS score is LOW, the ease of exploitation and potential impact on user data warrant prompt remediation. No KEV listing or active exploitation campaigns have been publicly reported as of the publication date.
Online Book Shop installations running version 1.0 are at direct risk. Shared hosting environments where multiple users share the same server and application instance are particularly vulnerable, as an attacker could potentially compromise other users through this vulnerability.
• php / web:
    grep -r "catnm" /var/www/html/subcat.php
• generic web:
    curl -I 'http://your-online-book-shop.com/subcat.php?catnm=<script>alert(1)</script>'
Exploit Status
EPSS
0.24% (46th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-0301 is to upgrade to version 1.0.1 of Online Book Shop, which includes the necessary fix. If immediate upgrading is not possible, consider implementing input validation and sanitization on the 'catnm' parameter within the /subcat.php file to prevent the injection of malicious scripts. Web Application Firewalls (WAFs) configured to detect and block XSS payloads can also provide a temporary layer of protection. After upgrading, confirm the vulnerability is resolved by attempting to inject a simple XSS payload into the 'catnm' parameter and verifying that it is properly sanitized.
Upgrade or discontinue use of Online Book Shop 1.0. Because no fixed version is available, it is recommended to remove the software or implement additional security measures, such as validating and sanitizing user input, to mitigate the XSS risk.
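The input validation and output encoding recommended above for 'catnm' could look like the following. This is an added example, not code from Online Book Shop: the real subcat.php source is not shown on this page, so the function names and the allowlist are assumptions, and it requires PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Added example. Function names are hypothetical; the actual subcat.php
// source is not shown on this page.

/** Allowlist check for a category name; returns null when rejected. */
function validate_catnm(mixed $raw): ?string
{
    if (!is_string($raw)) {              // e.g. catnm[]=x arrives as an array
        return null;
    }
    $value = trim($raw);
    // Letters, digits, space and a little punctuation, 1-64 characters.
    // The /u flag also makes invalid UTF-8 fail the match.
    if (preg_match('/^[\p{L}\p{N} &\'.,-]{1,64}$/u', $value) !== 1) {
        return null;
    }
    return $value;
}

/** Encode for an HTML text node or a quoted attribute value. */
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Returns [HTTP status, body fragment] for a raw catnm value. */
function render_category(mixed $raw): array
{
    $catnm = validate_catnm($raw);
    if ($catnm === null) {
        return [400, 'Invalid category.'];
    }
    $link = 'subcat.php?catnm=' . rawurlencode($catnm);
    return [200, '<h2>' . html($catnm) . '</h2>'
               . '<a href="' . html($link) . '">Permalink</a>'];
}

// Constructed inputs: a name that passes validation but still needs
// encoding, the probe string from this page, and an array value.
$samples = ["Kids' Books & Comics", '<script>alert(1)</script>', ['x']];
foreach ($samples as $raw) {
    [$status, $body] = render_category($raw);
    echo $status, ' ', $body, PHP_EOL;
}
```

In a page handler the sample loop would be replaced by a call to `render_category($_GET['catnm'] ?? null)`, with the status passed to `http_response_code()`. The first sample shows why validation alone is not enough: an accepted value can still contain `&` and `'`, which only the encoding step neutralises.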
CVE-2025-0301 is a cross-site scripting (XSS) vulnerability affecting Online Book Shop version 1.0, allowing attackers to inject malicious scripts via the /subcat.php file.
Yes, if you are running Online Book Shop version 1.0, you are affected by this vulnerability and should upgrade immediately.
Upgrade to version 1.0.1 of Online Book Shop. As a temporary workaround, implement input validation and sanitization on the 'catnm' parameter.
While no active exploitation campaigns have been publicly reported, the vulnerability has been disclosed and may be targeted.
Refer to the Online Book Shop project's official website or repository for the latest security advisory regarding CVE-2025-0301.