CVE-2026-1444

low

Published 2026-01-26 · Modified 2026-04-29

CVSS v3

2.4

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

CVSS v2

3.3

VIR risk

2.4

Description

A vulnerability has been found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This affects an unknown part of the file controllers/books_center/add_book_check.php. Such manipulation of the argument mark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

Predictions

Exploit likelihood

36%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

https://blog.y1fan.work/2026/01/13/%E5%AD%98%E5%82%A8%E5%9E%8Bxss/
https://vuldb.com/?ctiid.342873
https://vuldb.com/?id.342873
https://vuldb.com/?submit.736968

CWEs

CWE-79 CWE-94

Verify integrity in audit chain (admin only). AS-IS.