CVE-2023-49540

MEDIUM

Book Store Management System v1.0 - Cross-Site Scripting via History Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-49540. PoCs published by geraldoalcantara.

AI-analyzed exploit summary This repository provides a detailed technical writeup of CVE-2023-49540, an XSS vulnerability in Book Store Management System v1.0. It includes the vulnerable endpoint, payload injection method, and a sample HTTP request demonstrating the exploit.

Description

Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/history. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the history parameter.

Exploits (1)

nomisec WRITEUP
by geraldoalcantara · poc
https://github.com/geraldoalcantara/CVE-2023-49540

This repository provides a detailed technical writeup of CVE-2023-49540, an XSS vulnerability in Book Store Management System v1.0. It includes the vulnerable endpoint, payload injection method, and a sample HTTP request demonstrating the exploit.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Book Store Management System v1.0
Auth required
Prerequisites: Access to the transaction page · Valid session cookies
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 6.1
EPSS 0.0058
EPSS Percentile 42.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
oretnom23/book_store_management_system 1.0
Published Mar 01, 2024
Tracked Since Feb 18, 2026