What is CVE-2025-0301?

A medium-severity cross-site scripting vulnerability exists in Fabian's Online Book Shop 1.0. Organizations should prioritize patching to avoid potential exploitation.

What is the severity of CVE-2025-0301?

CVE-2025-0301 has a severity rating of MEDIUM with a CVSS base score of 5.3.

CVE-2025-0301 | Medium Vulnerability in Fabian Online Book Shop

A vulnerability, which was classified as problematic, has been found in code-projects Online Book Shop 1.0. Affected by this issue is some unknown functionality of the file /subcat.php. The manipulation of the argument catnm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

This vulnerability allows attackers to execute arbitrary scripts in the context of the user's browser, potentially leading to session hijacking, data theft, or other malicious actions.

With a CVSS score of 5.3, categorized as medium severity, organizations must recognize the risks associated with this vulnerability. The attack vector is network-based with low complexity, meaning that it can be exploited remotely with minimal effort.

Organizations should prioritize patching immediately to mitigate potential exploitation. Regular monitoring and validation of web application security should also be a part of the overall security strategy.

Vulnerability Details

The vulnerability affects the Online Book Shop 1.0 application developed by Fabian, specifically targeting the file /subcat.php. It has been classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) and CWE-94 (Improper Control of Generation of Code).

Publication of this vulnerability occurred on January 7, 2025, with the last modification noted on October 23, 2025. The CVSS v4.0 score indicates a low attack complexity with low privileges required for exploitation.

Technical Analysis

The root cause of this vulnerability lies in improper input validation in the /subcat.php file, where user-supplied input is not adequately sanitized. Attackers may leverage this vulnerability by manipulating the catnm parameter, allowing them to inject malicious scripts into the application.

The attack vector is through the network, requiring low complexity and low privileges to execute. No user interaction is required for an attack to be successful. The integrity impact is assessed as low, indicating possible alterations to data without detection.

Risk & Impact Analysis

Risk to organizations includes potential exploitation of user data, leading to unauthorized access or data breaches. The blast radius for this vulnerability could affect all users of the Online Book Shop application, thus emphasizing the importance of immediate remediation.

Given the CVSS score and the absence of known exploitation, organizations should address this vulnerability in their priority patch cycle to mitigate risks effectively.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected product is the Online Book Shop version 1.0. All versions prior to vendor patch are vulnerable.

Mitigation & Remediation

Organizations should implement the following mitigation strategies:

1. Update to the latest version of the Online Book Shop application as soon as a patch is available.

2. Validate input data to ensure that malicious scripts cannot be injected into the application.

3. Consider engaging in penetration testing to identify similar weaknesses in the application.

Detection Guidance

To detect exploitation attempts, organizations should monitor for the following indicators:

1. Unusual HTTP requests targeting the /subcat.php file.

2. Script execution attempts that do not correspond to normal application behavior.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-0301 lies in its representation of increased vulnerabilities in web applications due to inadequate input validation. Security teams should learn from this incident to enhance their security protocols.

Patterns indicate that similar vulnerabilities may proliferate without proper attention to secure coding practices. Organizations should adopt a proactive approach to security by implementing comprehensive security assessments and training for developers.

Strategically, organizations must integrate ongoing vulnerability management programs to ensure they remain ahead of potential threats.

For further insights, consider reviewing our vulnerability management program to better understand how to secure your applications.

Additionally, the importance of continuous monitoring and adaptation to the evolving threat landscape cannot be overstated, as this vulnerability exemplifies the need for vigilant security practices.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-0301: Medium Vulnerability in Fabian Online Book Shop