CVE-2023-2691

Name of the Vulnerable Software and Affected Versions SourceCodester Personnel Property Equipment System version 1.0

Description A problematic vulnerability was found in the SourceCodester Personnel Property Equipment System. The issue affects an unknown function of the file admin/add item.php, specifically the component POST Parameter Handler. The manipulation of the item name argument leads to cross-site scripting. This attack can be launched remotely.

Recommendations For version 1.0, consider disabling the item name argument in the POST Parameter Handler until a patch is available. Restrict access to the admin/add item.php file to minimize the risk of exploitation. Avoid using the item name argument in the affected component until the issue is resolved.