Withstars Books Management System Cross-Site Scripting Vulnerability
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in Withstars Books Management System version 1.0. The issue arises in the Book Edit Page component, specifically within the '/book_edit_do.html' file. The vulnerability allows remote attackers to inject malicious JavaScript into the 'name' parameter, which is then executed when other users view the page. The injected script is stored by the system (stored XSS), and other parameters can potentially be affected as well.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected page.
Reproduction
To reproduce this vulnerability, navigate to the 'Library' section and select 'All Books'. Choose a book to edit and inject a script into the 'name' parameter. Once saved, the script will execute when the book details are viewed.
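The save-then-view flow described above, with the vulnerable rendering beside an output-encoded one, as an added example that is not code from Withstars Books Management System. It models the book store in memory, and every function name in it is hypothetical.

```javascript
// Added illustration; not the application's code. All names are hypothetical.
const books = new Map([[1, { name: "Original title" }]]);

// Models the edit-save step: the submitted 'name' is stored verbatim.
function saveBookEdit(id, params) {
  const book = books.get(id);
  if (!book) throw new Error("no such book: " + id);
  book.name = String(params.name);
}

// Vulnerable pattern: the stored value is concatenated into markup as-is.
function renderDetailUnsafe(id) {
  return "<h1>" + books.get(id).name + "</h1>";
}

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode for HTML body and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened detail view: encode at output time, whatever was stored.
function renderDetailSafe(id) {
  return "<h1>" + escapeHtml(books.get(id).name) + "</h1>";
}

// Hardened edit form: the name is prefilled inside a quoted attribute.
function renderEditFormSafe(id) {
  return '<input name="name" value="' + escapeHtml(books.get(id).name) + '">';
}

// Regression check: does anything inside the <h1> still parse as a tag?
function containsActiveMarkup(html) {
  const inner = html.replace(/^<h1>/, "").replace(/<\/h1>$/, "");
  return /<[a-zA-Z\/!]/.test(inner);
}

// Constructed probe value, used only to exercise the two renderers.
saveBookEdit(1, { name: "<script>alert(1)</script>" });
console.log("unsafe view renders markup:", containsActiveMarkup(renderDetailUnsafe(1)));
console.log("safe view renders markup:", containsActiveMarkup(renderDetailSafe(1)));
```

Encoding at output time also neutralizes values that were stored before the fix, which input filtering on the save step alone would not.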
