CVE-2026-15532
Received Received - Intake

Cross-Site Scripting in Online Book Store System 1.0

Vulnerability report for CVE-2026-15532, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: VulDB

Description

A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
sourcecodester online_book_store_system 1.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the SourceCodester Online Book Store System 1.0, specifically within the User Management Module. It involves improper handling of the Name or Username input, which allows an attacker to perform cross-site scripting (XSS) attacks by manipulating these arguments.

The attack can be executed remotely, meaning an attacker does not need physical access to the system to exploit this vulnerability. Additionally, the exploit code is publicly available, increasing the risk of exploitation.

Impact Analysis

This vulnerability can allow attackers to inject malicious scripts into the web application through the User Management Module. Such cross-site scripting attacks can lead to unauthorized actions performed on behalf of legitimate users, session hijacking, or theft of sensitive information.

Since the attack can be executed remotely and the exploit is publicly available, it increases the likelihood of exploitation, potentially compromising user accounts and the integrity of the online book store system.

Compliance Impact

The Stored Cross-Site Scripting (XSS) vulnerability in the User Management module can lead to unauthorized actions on behalf of users, session hijacking, and access to sensitive data. Such security weaknesses may result in unauthorized disclosure or manipulation of personal or sensitive information.

This can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal data and secure handling of user information to prevent unauthorized access or breaches.

Failure to remediate this vulnerability could lead to violations of these regulations due to potential data breaches or unauthorized data processing caused by exploitation of the XSS flaw.

Detection Guidance

This vulnerability can be detected by authenticating to the Online Book Store application, navigating to the User Management module, and attempting to create or edit a user record by injecting a test XSS payload into the User Name field. If the payload is stored and executes when viewing the user listing or profile, the vulnerability is present.

Since the vulnerability requires authentication and interaction with the web application, network-based detection commands are not directly applicable. Instead, manual or automated testing tools that simulate authenticated user input in the User Name field can be used.

  • Log in to the application with valid credentials.
  • Navigate to the User Management section.
  • Attempt to create or edit a user and insert a simple XSS payload such as <script>alert('XSS')</script> into the User Name field.
  • Save the record and observe if the script executes when viewing the user list or profile.
Mitigation Strategies

Immediate mitigation steps include implementing strict input validation to reject dangerous HTML or script content in the User Name field, deploying a restrictive Content Security Policy (CSP) to reduce the impact of any injected scripts, and applying output encoding or sanitization when rendering user input in the application.

  • Validate and sanitize all user inputs in the User Management module, especially the User Name field.
  • Deploy a Content Security Policy (CSP) that restricts the execution of inline scripts and untrusted sources.
  • Use established output encoding libraries provided by the application framework or programming language to encode user data before rendering.
  • Limit access to the User Management module to trusted administrators only.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15532. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart