CVE-2025-3962 – Withstars Books-Management-System Cross-Site Scripting Vulnerability

April 27, 2025

CVE ID : CVE-2025-3962

Published : April 27, 2025, 7:15 a.m. | 1 hour ago

Description : A vulnerability classified as problematic was found in withstars Books-Management-System 1.0. This vulnerability affects unknown code of the file /api/comment/add of the component Comment Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleRilasciato Auto-cpufreq 2.6: Ottimizzazione avanzata della CPU su GNU/Linux

Next Article CVE-2025-3961 – Withstars Books-Management-System Cross-Site Scripting Vulnerability

Highlights

CVE-2024-7103 – WSO2 Identity Server Reflected XSS

May 22, 2025

CVE ID : CVE-2024-7103

Published : May 22, 2025, 7:15 p.m. | 1 hour, 30 minutes ago

Description : A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of WSO2 Identity Server 7.0.0 due to improper input validation. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the login flow, potentially leading to UI modifications, redirections to malicious websites, or data exfiltration from the browser.

While this issue could allow an attacker to manipulate the user’s browser, session-related sensitive cookies remain protected with the httpOnly flag, preventing session hijacking.

Severity: 4.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-3962 – Withstars Books-Management-System Cross-Site Scripting Vulnerability

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

More From Our Main Blog: The Good, the Bad and the Ugly in Cybersecurity – Week 24

Shiori is a simple bookmark manager

Scaling up learning across many different robot types

How to watch Microsoft’s special 50th anniversary Copilot event

CVE-2025-48060 – jq Heap Buffer Overflow Vulnerability

CVE-2024-7103 – WSO2 Identity Server Reflected XSS

CVE-2025-24206 – Apple Local Network Authentication Bypass

DMARC Record Explained: Strengthen Your Email Authentication And Deliverability Quickly

This popular Soulslike game has fans divided on a controversial change

CVE-2025-3962 – Withstars Books-Management-System Cross-Site Scripting Vulnerability

Related Posts