CVE-2025-47589 is a DOM-based Cross-site Scripting (XSS) vulnerability identified in the motov.net Ebook Store application, affecting versions up to 5.8007. This vulnerability arises from improper neutralization of input during web page generation, classified under CWE-79. Specifically, the application fails to adequately sanitize or encode user-supplied data before incorporating it into the Document Object Model (DOM), allowing an attacker to inject malicious scripts. When exploited, this can lead to the execution of arbitrary JavaScript in the context of the victim's browser session. The CVSS v3.1 base score is 6.5, indicating a medium severity level. The vector string (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L) reveals that the attack can be performed remotely over the network with low attack complexity, requires low privileges and user interaction, and impacts confidentiality, integrity, and availability to a limited extent. The scope is changed, meaning the vulnerability affects components beyond the initially vulnerable component. No known exploits are currently in the wild, and no patches have been linked yet. The vulnerability could be leveraged to steal session tokens, perform actions on behalf of authenticated users, or redirect users to malicious sites, potentially leading to account compromise or data leakage.

For European organizations using the motov.net Ebook Store platform, this vulnerability poses a significant risk to user data confidentiality and integrity. Exploitation could allow attackers to hijack user sessions, leading to unauthorized access to personal information or purchase histories. The integrity of user interactions with the platform could be compromised, enabling fraudulent transactions or manipulation of displayed content. Availability impact is limited but possible if malicious scripts disrupt normal application functionality. Given the medium severity and the requirement for user interaction, the threat is more pronounced in environments where users are less security-aware or where the Ebook Store is integrated into larger enterprise ecosystems. Additionally, organizations subject to stringent data protection regulations such as GDPR must consider the reputational and compliance risks associated with potential data breaches stemming from this vulnerability.

To mitigate this vulnerability, organizations should implement strict input validation and output encoding on all user-supplied data before it is inserted into the DOM. Employing security libraries or frameworks that automatically handle encoding can reduce human error. Content Security Policy (CSP) headers should be configured to restrict the execution of unauthorized scripts. Regularly updating the Ebook Store application to the latest version once patches are released is critical. Additionally, organizations should conduct security awareness training to educate users about the risks of interacting with suspicious links or content. Monitoring web application logs for unusual activities and employing Web Application Firewalls (WAFs) with rules targeting XSS patterns can provide additional layers of defense. Since no patch is currently available, temporary mitigations like disabling or restricting features that reflect user input in the DOM may be necessary.