CVE-2025-3961
Published: 2025-04-27
Priority: P421 · medium · 4.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
EPSS: 0.34% (25.6th percentile)
A vulnerability classified as problematic has been found in withstars Books-Management-System 1.0. This affects an unknown part of the file /admin/article/add/do. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| withstars | books-management-system | — | — |
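CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N |
| nvd | v4.0 | 5.1 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| vendor_oracle | — | 9.8 | CRITICAL | — |

Note: the vendor_oracle row corresponds to the Oracle entry listed below, which names CVE-2023-3961, not CVE-2025-3961.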
GHSA
GHSA-w6pr-9q7f-5phx: A vulnerability classified as problematic has been found in withstars Books-Management-System 1
ghsa_unreviewed·2025-04-27
CVE-2025-3961 [MEDIUM] CWE-79 GHSA-w6pr-9q7f-5phx: A vulnerability classified as problematic has been found in withstars Books-Management-System 1
Oracle
Oracle JD Edwards Risk Matrix: E1 Dev Platform Tech - Cloud (Samba) — CVE-2023-3961
vendor_oracle·2025-01-15·CVSS 9.8
CVE-2023-3961 [CRITICAL] Oracle JD Edwards Risk Matrix: E1 Dev Platform Tech - Cloud (Samba) — CVE-2023-3961
Oracle JD Edwards Risk Matrix: E1 Dev Platform Tech - Cloud (Samba) vulnerability
CVE: CVE-2023-3961
CVSS: 9.8
Protocol: SMB
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2025 (JAN 2025)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-04-27