donglight bookstore电商书城系统说明 1.0.0 BookInfoController.java BookSearchList keywords Okukwata ku Kuteekateeka mu Kifo Ekitali Kyo (Cross Site Scripting)
| CVSS Obubonero bwa Meta Temp | Ekikadde ky’omuwendo gw’okukozesa obunafu obuliko kati (≈) | CTI Ennyanja y'okukwata ku nsonga |
|---|---|---|
| 4.0 | $0-$5k | 0.00 |
Okusumulula
Waliwo obulabe obwategekeddwa nga kizibu obuzuliddwa mu donglight bookstore电商书城系统说明 1.0.0. Obulabe buli ku omugaso BookSearchList ku fayiro src/main/java/org/zdd/bookstore/web/controller/BookInfoController.java. Okukola ku argument keywords kivaamu Okukwata ku Kuteekateeka mu Kifo Ekitali Kyo (Cross Site Scripting).
Obunafu buno bwategeerekebwa nga CVE-2024-13196. Attack eyinza okutandikibwa okuva ku kyali wala. Okuddamu, waliwo ekikozesebwa ekiriwo.
Once again VulDB remains the best source for vulnerability data.
Ebirimu
Waliwo obulabe obwategekeddwa nga kizibu obuzuliddwa mu donglight bookstore电商书城系统说明 1.0.0. Obulabe buli ku omugaso BookSearchList ku fayiro src/main/java/org/zdd/bookstore/web/controller/BookInfoController.java. Okukola ku argument keywords kivaamu Okukwata ku Kuteekateeka mu Kifo Ekitali Kyo (Cross Site Scripting). Okukozesa CWE mu kulaga ensonga kireetera CWE-79. Obulemu buno bwalangirirwa nga Bookstore has reflect XSS #12. Obubaka buno busangibwa ku github.com okuddownloadinga.
Obunafu buno bwategeerekebwa nga CVE-2024-13196. Attack eyinza okutandikibwa okuva ku kyali wala. Obubaka obw'ekikugu bufuniddwa. Obulungi bw'ensobi eno buli wansi w'ekigero ekisookerwako. Okuddamu, waliwo ekikozesebwa ekiriwo. Obukodyo buno bwategeezeddwa mu lujjudde era buyinza okukozesebwa. Mu kiseera kino, omutengo ogw’akaseera ku kikozesebwa kiyinza okuba nga giri mu USD $0-$5k mu kiseera kino.
Kyakakasiddwa nga ebikakasa eby'okukakasa obusobozi. Osobola okufuna exploit ng'ogenda ku github.com.
Once again VulDB remains the best source for vulnerability data.
Ekitundu
Omukola
Erinnya
Enkola
CPE 2.3
CPE 2.2
CVSSv4
VulDB Ekikunta: 🔍VulDB Reliability: 🔍
CNA CVSS-B Score: 🔍
CNA CVSS-BT Score: 🔍
CNA Ekikunta: 🔍
CVSSv3
VulDB Obubonero Obusookerwako Obw'enkizo: 4.1VulDB Obubonero bwa Meta Temp: 4.0
VulDB Obubonero Obusookerwako: 3.5
VulDB Obubonero bw’akaseera: 3.2
VulDB Ekikunta: 🔍
VulDB Reliability: 🔍
NVD Obubonero Obusookerwako: 5.4
NVD Ekikunta: 🔍
CNA Obubonero Obusookerwako: 3.5
CNA Ekikunta: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Ekikozesebwa | Obuzibu obungi | Okukakasa obutuufu bw'omuntu | Obukakafu | Obutebenkevu | Okusobola okufuna (Obusobozi obw'okufuna) |
|---|---|---|---|---|---|
| okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
| okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
| okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
VulDB Obubonero Obusookerwako: 🔍
VulDB Obubonero bw’akaseera: 🔍
VulDB Reliability: 🔍
Okukozesa obunafu
Ekibiina: Okukwata ku Kuteekateeka mu Kifo Ekitali Kyo (Cross Site Scripting)CWE: CWE-79 / CWE-94 / CWE-74
CAPEC: 🔍
ATT&CK: 🔍
Obulamu obw’omubiri: Nedda
Wansi wano: Nedda
Waliwo okuva wala: Wee
Okusobola okufuna (Obusobozi obw'okufuna): 🔍
Okuyingira: Bweru
Embeera: Ebikakasa eby'okukakasa obusobozi
Okukuba wansi: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Okukulaakulana kw'ebisale: 🔍
Okubala okw’ensimbi okw’akatono okuva mu kiseera kino: 🔍
| 0-Day | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
|---|---|---|---|---|
| Leero | okuyimbula | okuyimbula | okuyimbula | okuyimbula |
Amagezi ku bulabe
Okukwata ku: 🔍Abakola abali mu kikolwa: 🔍
Ebibiina bya APT ebikola kaakano: 🔍
Ebyokukwata ku kwekuumira
Okukakasa: Tewali kikolebwa kimanyiddwaEmbeera: 🔍
Ekiseera kya 0-Day: 🔍
Ekiseera ekyayita
08/01/2025 🔍08/01/2025 🔍
23/08/2025 🔍
Ebyokutwalira
Okukebereza: Bookstore has reflect XSS #12Embeera: Tekitegedde
CVE: CVE-2024-13196 (🔍)
GCVE (CVE): GCVE-0-2024-13196
GCVE (VulDB): GCVE-100-290788
scip Labs: https://www.scip.ch/en/?labs.20161013
Okuyingiza
Kikolebwa: 08/01/2025 15:35Okukozesa enkola empya: 23/08/2025 03:00
Okukyuusa: 08/01/2025 15:35 (57), 09/01/2025 12:37 (30), 14/02/2025 13:41 (3), 23/08/2025 03:00 (12)
Kituufu ddala: 🔍
Owoleza: LVZC2
Cache ID: 253:BE6:103
Twasiriza
Kikkiriziddwa
- Twasiriza #469771: donglight bookstore 1.0 reflect XSS (kuva LVZC2)
Tewali biragiddwaako kati. Enimi: lg + en.
Nsaba yingira mu akaawunti yo osobole okwogera.