CVE-2023-49539

MEDIUM

Book Store Management System 1.0 - Stored Cross-Site Scripting via Category Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-49539. PoCs published by geraldoalcantara.

AI-analyzed exploit summary

This repository provides a detailed technical analysis of CVE-2023-49539, a stored XSS vulnerability in Book Store Management System v1.0. It includes the vulnerable endpoint, payload, and HTTP request details for exploitation.

Description

Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/category. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the category parameter.

Exploits (1)

nomisec WRITEUP
by geraldoalcantara · poc
https://github.com/geraldoalcantara/CVE-2023-49539


Classification
Writeup 90%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target: Book Store Management System v1.0
Auth required
Prerequisites: Access to the category creation/edit page · Valid session cookies
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 6.1
EPSS 0.0058
EPSS Percentile 42.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
oretnom23/book_store_management_system 1.0
Published Mar 01, 2024
Tracked Since Feb 18, 2026