CVE-2025-3962 MEDIUM

CVE-2025-3962: withstars Books-Management-System Comment add cross site scripting

Vendor Withstars
Product Books-Management-System
Weakness CWE-79 · XSS
Published April 27, 2025
Last update April 28, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic was found in withstars Books-Management-System 1.0. This vulnerability affects unknown code of the file /api/comment/add of the component Comment Handler. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Key dates

02Disclosure timeline

April 27, 2025 CVE published
April 28, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-1327 Image Gallery - Grid Gallery < 1.1.6 - Admin+ Stored Cross-Site Scripting CVE-2021-35240 Stored XSS via Help Server settings CVE-2024-5878 Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via SimpleLightbox JavaScript Library CVE-2025-32529 WordPress iONE360 configurator plugin <= 2.0.57 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-7301 WordPress File Upload <= 4.24.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload