This vulnerability in MyBookTable Bookstore (versions ≤ 3.6.0) involves improper input sanitization during web page generation, resulting in stored cross-site scripting (XSS). An attacker could inject malicious scripts that persist on the site and execute in the context of users' browsers, potentially leading to partial confidentiality, integrity, and availability impacts as reflected by the CVSS vector (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L). The vulnerability was reserved in October 2025 and published in December 2025. No patch or remediation information is provided in the available data.

Successful exploitation could allow an attacker with low privileges and requiring user interaction to execute arbitrary scripts in the context of affected users, potentially leading to partial compromise of confidentiality, integrity, and availability of user data or sessions within the affected application. The CVSS score of 6.5 reflects a medium severity impact with network attack vector and scope change.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution with input handling and consider implementing web application firewall (WAF) rules to detect and block potential XSS payloads. Monitor vendor channels for updates and apply patches promptly once released.