Platform
other
Component
pocvuldb
Fixed version
20260116.0.1
CVE-2026-1598 is a cross-site scripting (XSS) vulnerability affecting Bdtask Bhojon All-In-One Restaurant Management System versions up to 20260116. The flaw is in the User Information Module's /dashboard/home/profile endpoint, where the fullname parameter is not safely handled, so an attacker can inject script that later runs in other users' browsers and potentially compromise their accounts and data. A public proof-of-concept is available, which raises the likelihood of opportunistic exploitation.
Successful exploitation of CVE-2026-1598 allows an attacker to run arbitrary JavaScript in a victim user's browser within the context of that user's authenticated session. This enables session hijacking (where the session cookie is not HttpOnly), phishing overlays inside the application, defacement of the management interface, and any action the application lets the victim perform, carried out with the victim's privileges. Given what a restaurant management system holds, that can extend to customer records and financial data. Note that the injected script executes in the victim's browser, not on the server: this is not server-side remote code execution, and the impact scales with the privileges of whoever views the injected value (an administrator viewing a staff profile is the worst case).
CVE-2026-1598 has been publicly disclosed and a proof-of-concept is available, indicating a relatively high probability of exploitation. The vulnerability was reported on 2026-01-29. The vendor was contacted but did not respond. The CVSS score is LOW, suggesting the exploit may require specific conditions or user interaction, but the public availability of a PoC increases the risk.
Restaurants and food service businesses running Bdtask Bhojon All-In-One Restaurant Management System version 20260116 or earlier are at risk. Multi-tenant deployments in which several restaurants share one instance of the software deserve particular attention, since a value injected by one tenant's user could be rendered for staff or administrators of another.
disclosure
Exploitation status
EPSS
0.03% (9th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-1598 is to upgrade to a patched version of Bdtask Bhojon All-In-One Restaurant Management System. The CVE data does not explicitly name a fixed version; the fixed-version field on this page lists 20260116.0.1, so confirm that against the vendor's release notes before relying on it. Until a fix is applied, two workarounds are available. First, enforce strict server-side validation of the fullname parameter on /dashboard/home/profile, rejecting anything that is not a plausible person's name. Second, and more importantly, make sure the stored name is output-encoded for the context in which it is rendered (HTML body, attribute value, JavaScript string): input validation alone can be bypassed by a value that reaches the database through another path, whereas correct encoding at render time closes the XSS regardless of how the value got there. A web application firewall with XSS rules adds a further layer but should be treated as a stop-gap, not a fix, since WAF signatures are routinely evaded. Review and update existing security policies to reflect this vulnerability.
Upgrade to a version later than 20260116, or apply the vendor's patch if one is provided. If no official fix exists, consider disabling or removing the affected module until a security update is released. Validate and sanitize user input in the 'fullname' field to prevent malicious code injection.
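The workaround above in code, as an added illustration written for this page (not Bhojon's own code): a server-side validator for a fullname value, the unsafe render pattern beside its output-encoded form, and a small HTML-parser check that tells whether a value actually broke out of its context. The template fragment, the allowed-character policy and the sample payloads are assumptions; the payloads are constructed here, not taken from the public PoC.

```python
"""Validation plus contextual output encoding for a profile 'fullname' field.

Example code written for this page, not code from Bhojon. The render
functions, the allowed characters and the samples are assumptions.
"""
import html
from html.parser import HTMLParser

# Constructed sample inputs: two benign names and two XSS-style payloads.
SAMPLES = {
    "benign": "Siobhán O'Brien-Smith",
    "benign_dots": "J. R. R. Tolkien",
    "body_xss": "<script>alert(document.cookie)</script>",
    "attr_xss": '" onerror=alert(1) x="',
}

ALLOWED_PUNCT = " '-."  # spaces, apostrophes, hyphens and periods occur in real names


def validate_fullname(name: str) -> str:
    """Reject anything that is not a plausible person's name; return the trimmed value.

    Letters from any script are accepted (str.isalpha is Unicode-aware); digits,
    angle brackets, quotes, '=' and similar are not. Raises ValueError on rejection.
    """
    name = name.strip()
    if not 1 <= len(name) <= 100:
        raise ValueError("fullname must be 1-100 characters")
    for ch in name:
        if not (ch.isalpha() or ch in ALLOWED_PUNCT):
            raise ValueError(f"fullname contains disallowed character {ch!r}")
    return name


def is_valid_fullname(name: str) -> bool:
    """Boolean wrapper around validate_fullname for callers that only need a verdict."""
    try:
        validate_fullname(name)
        return True
    except ValueError:
        return False


def vulnerable_render(name: str) -> str:
    """The XSS pattern: the saved value is written into the page unchanged,
    once inside a double-quoted attribute and once as element content."""
    return f'<input name="fullname" value="{name}"><h2>Welcome, {name}</h2>'


def hardened_render(name: str) -> str:
    """Contextual output encoding at render time.

    html.escape(quote=True) neutralises <, >, & and both quote characters, which
    covers the HTML-body and double-quoted-attribute contexts used here. Validation
    on save is defence in depth; this encoding is what closes the XSS even for a
    value that reached storage by another path.
    """
    safe = html.escape(name, quote=True)
    return f'<input name="fullname" value="{safe}"><h2>Welcome, {safe}</h2>'


class _MarkupAudit(HTMLParser):
    """Collects every start tag and every event-handler or javascript: attribute."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for key, value in attrs:
            if key.lower().startswith("on") or (value or "").lstrip().lower().startswith("javascript:"):
                self.handlers.append((tag, key))


EXPECTED_TAGS = {"input", "h2"}  # the only tags the template itself emits


def script_injected(rendered: str) -> bool:
    """True if the fragment contains a tag the template did not emit or any
    event-handler / javascript: attribute, i.e. the name escaped its context.
    A substring search for 'onerror=' would misfire here: the encoded output
    still contains that text, harmlessly, inside the attribute value."""
    audit = _MarkupAudit()
    audit.feed(rendered)
    audit.close()
    return bool(set(audit.tags) - EXPECTED_TAGS) or bool(audit.handlers)


def main() -> None:
    for label, value in SAMPLES.items():
        verdict = "accepted" if is_valid_fullname(value) else "rejected"
        print(f"{label:12} validation={verdict:8} "
              f"vulnerable_injected={script_injected(vulnerable_render(value))} "
              f"hardened_injected={script_injected(hardened_render(value))}")


if __name__ == "__main__":
    main()
```

Running it shows both payloads rejected by validation and, for the hardened template, no injection even when validation is skipped; the attribute-context payload is the one to keep in mind, because it contains no angle brackets and survives naive filters that only look for `<script>`.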
CVE-2026-1598 is a cross-site scripting (XSS) vulnerability in Bdtask Bhojon All-In-One Restaurant Management System versions up to 20260116, allowing attackers to inject malicious scripts.
You are affected if you are using Bdtask Bhojon All-In-One Restaurant Management System version 20260116 or earlier. A patched version is needed.
Upgrade to a patched version of Bdtask Bhojon All-In-One Restaurant Management System. As a temporary workaround, validate the fullname parameter on the server and make sure the stored value is HTML-encoded wherever it is rendered.
A public proof-of-concept exists, suggesting a potential for active exploitation. Monitor your systems for suspicious activity.
The vendor was contacted but did not respond. Check the Bdtask Bhojon website or contact their support for updates.