Cross-Site Scripting (XSS) vulnerability in user profile information in the Bdtask Bhojon All-In-One Restaurant Management System
Platform: other
Component: pocvuldb
Fixed in: 20260116.0.1
CVE-2026-1598 is a cross-site scripting (XSS) vulnerability in the Bdtask Bhojon All-In-One Restaurant Management System, versions up to 20260116. The flaw is in the User Information Module at the /dashboard/home/profile endpoint, where the fullname parameter is not neutralized before it is rendered into the page, so an authenticated user can inject script that executes in the browser of a user who views the affected output. A public proof-of-concept is available, which lowers the bar for exploitation.
Impact and Attack Scenarios
Successful exploitation of CVE-2026-1598 lets an attacker run arbitrary JavaScript in the browser session of a user who views the injected profile field. In a restaurant management system that can mean hijacking a staff or administrator session, presenting a forged login or payment form to harvest credentials, or defacing the management interface; any data reachable through the victim's session, including customer records and financial information, is then exposed. The script runs in the victim's browser, not on the server: this is not remote code execution, and the published CVSS vector scores the direct impact as low integrity with no confidentiality impact, so the scenarios above depend on what the victim's session can reach.
Exploitation Context
CVE-2026-1598 was reported on 2026-01-29 and has been publicly disclosed together with a proof-of-concept, so exploitation requires little effort. The vendor was contacted but did not respond. The CVSS base severity is Low: the vector requires an authenticated account (PR:L) and a victim's interaction (UI:R), and the scored impact is limited to integrity. The EPSS estimate is 0.03% (9th percentile). Even so, a public PoC against an unpatched product with no vendor response is a reason to apply the mitigations below rather than wait.
Who Is at Risk
Restaurants and food service businesses running the Bdtask Bhojon All-In-One Restaurant Management System at version 20260116 or earlier are at risk. Exposure is highest where the dashboard is reachable from the internet and where many staff accounts exist, since any authenticated account can set the vulnerable profile field. Multi-tenant or shared hosting deployments in which several restaurants share one instance widen both the pool of accounts that can plant a payload and, depending on where the field is displayed, the pool of users who can be hit by it, so a malicious or compromised account at one restaurant could target staff of another.
Attack Timeline
- Disclosure (vulnerability reported 2026-01-29; vendor did not respond)
Threat Intelligence
- Exploit Status: public proof-of-concept available
- EPSS: 0.03% (9th percentile)
- CVSS Vector (assembled from the metrics below): AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N, base score 3.5 (Low)
What these metrics mean:
- Attack Vector: Network. Exploitable remotely over the internet; no physical or local access required.
- Attack Complexity: Low. No special conditions; the attacker can exploit reliably.
- Privileges Required: Low. Any valid user account is sufficient.
- User Interaction: Required. The victim must open a file, click a link, or visit a page.
- Scope: Unchanged. Impact is limited to the vulnerable component.
- Confidentiality: None. No confidentiality impact.
- Integrity: Low. The attacker can modify some data with limited reach.
- Availability: None. No availability impact.
Affected Software
- Bdtask Bhojon All-In-One Restaurant Management System, versions up to 20260116 (User Information Module, /dashboard/home/profile, fullname parameter)
Weakness Classification (CWE)
- Cross-site scripting: user input is rendered into a web page without proper neutralization
Mitigation and Workarounds
The primary mitigation for CVE-2026-1598 is to upgrade to a patched version of the Bdtask Bhojon All-In-One Restaurant Management System. The metadata above lists 20260116.0.1 as the fixed version, but the CVE record itself does not name one, so confirm with the vendor before relying on it. Until then, apply two layers: validate the fullname parameter at /dashboard/home/profile on save (allowlist the characters a name may contain, cap its length, reject anything else), and HTML-encode the value wherever it is rendered, using the encoding appropriate to the context (element body or attribute). Input validation alone is not enough, because values already stored in the database are not re-checked by the form; audit the user table for names containing markup and clean them. A web application firewall tuned for XSS and a restrictive Content-Security-Policy header give additional defense in depth but do not fix the underlying flaw. Review and update existing security policies to reflect this vulnerability.
How to fix
Upgrade to a version later than 20260116 or apply the vendor's patch, if one exists. If there is no official fix, consider disabling or removing the affected module until a secure update is published. Validate and sanitize user input in the 'fullname' field, and encode it on output, to prevent the injection of malicious code.
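As an added example (not the project's code, and not the published proof-of-concept), the following Python shows the rendering mistake behind a profile-field XSS beside the two-layer fix recommended above: an allowlist validator for the fullname value on save, HTML encoding wherever the value is rendered, and an audit helper for rows already stored. Only the field name fullname comes from this page; the HTML snippets, the regex, and the sample values are constructed assumptions, and Python is used because the page does not show the application's own templates (the same pattern applies in any server-side language).

```python
import html
import re

# Constructed sample values for the 'fullname' profile field named on this page.
# The payloads are generic XSS probes, not the published proof-of-concept.
SAMPLE_FULLNAMES = [
    "Maria O'Neil-Souza",                       # legitimate, should pass
    "José Álvarez",                             # legitimate, non-ASCII letters
    "<script>alert(document.cookie)</script>",  # tag injection
    '" onmouseover="alert(1)',                  # attribute-context breakout
]

# Assumed allowlist for a person's name: letters, digits, space, apostrophe,
# hyphen, period; 1 to 64 characters. Adjust to the deployment's naming rules.
FULLNAME_RE = re.compile(r"^[\w .'\-]{1,64}$")


def render_profile_vulnerable(fullname: str) -> str:
    """Illustrative rendering of the kind this page describes: the stored value
    is interpolated into HTML with no encoding, so markup in it becomes live."""
    return f'<h2 class="profile-name">{fullname}</h2>'


def validate_fullname(fullname: str) -> str:
    """Server-side input validation, run when the profile is saved. Returns the
    normalized value or raises ValueError. This is a workaround, not a substitute
    for output encoding: rows saved before the check was added are not re-checked."""
    normalized = " ".join(fullname.split())  # trim and collapse whitespace
    if not FULLNAME_RE.fullmatch(normalized):
        raise ValueError("fullname contains disallowed characters or length")
    return normalized


def render_profile_hardened(fullname: str) -> str:
    """Output encoding for an HTML element body. html.escape with quote=True
    also encodes both quote characters, so the same call covers attributes."""
    safe = html.escape(fullname, quote=True)
    return f'<h2 class="profile-name">{safe}</h2>'


def render_profile_input_hardened(fullname: str) -> str:
    """The same value placed back into the edit form's double-quoted attribute."""
    safe = html.escape(fullname, quote=True)
    return f'<input type="text" name="fullname" value="{safe}">'


def audit_stored_fullnames(rows):
    """Incident-response check: given (user_id, fullname) rows exported from the
    user table, return the ids whose stored name fails the allowlist. A stored
    payload persists in the database, so fixing the form alone does not remove it."""
    flagged = []
    for user_id, fullname in rows:
        try:
            validate_fullname(fullname)
        except ValueError:
            flagged.append(user_id)
    return flagged


if __name__ == "__main__":
    for name in SAMPLE_FULLNAMES:
        print("vulnerable:", render_profile_vulnerable(name))
        print("hardened:  ", render_profile_hardened(name))
    rows = list(enumerate(SAMPLE_FULLNAMES, start=1))  # constructed table export
    print("flagged user ids:", audit_stored_fullnames(rows))
```

The vulnerable renderer passes the `<script>` payload through unchanged, while the hardened one emits `&lt;script&gt;`; the attribute payload that closes the `value="..."` attribute and adds an event handler is likewise neutralized because `html.escape` encodes the double quote. Run the audit helper against a real export of the user table before and after deploying the validator, since the validator only protects new writes.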
Frequently Asked Questions
What is CVE-2026-1598 — XSS in Bdtask Bhojon Restaurant Management?
CVE-2026-1598 is a cross-site scripting (XSS) vulnerability in Bdtask Bhojon All-In-One Restaurant Management System versions up to 20260116, allowing attackers to inject malicious scripts.
Am I affected by CVE-2026-1598 in Bdtask Bhojon Restaurant Management?
You are affected if you are using Bdtask Bhojon All-In-One Restaurant Management System version 20260116 or earlier. A patched version is needed.
How do I fix CVE-2026-1598 in Bdtask Bhojon Restaurant Management?
Upgrade to a patched version of Bdtask Bhojon All-In-One Restaurant Management System. As a temporary workaround, validate the fullname parameter server-side on save and HTML-encode it wherever it is rendered, and audit already-stored names for injected markup.
Is CVE-2026-1598 being actively exploited?
A public proof-of-concept exists, so exploitation is practical, but this page records no confirmed in-the-wild exploitation and the EPSS estimate is 0.03%. Monitor your systems for suspicious activity, in particular profile names containing HTML or script markup.
Where can I find the official Bdtask Bhojon advisory for CVE-2026-1598?
The vendor was contacted but did not respond. Check the Bdtask Bhojon website or contact their support for updates.