PT-2023-27082 · Unknown · Free/Open Source Inventory Management System

Arajawat007

Publicado

2023-09-01

Atualizado

2023-09-07

CVE-2023-39710

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Free and Open Source Inventory Management System version 1.0

Description The issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Name, Address, and Company parameters under the "Add Customer" section. This enables the execution of malicious code on the client-side.

Recommendations For Free and Open Source Inventory Management System version 1.0, consider validating and sanitizing user input for the Name, Address, and Company parameters to prevent malicious code injection. As a temporary workaround, restrict access to the "Add Customer" section until a proper fix is applied.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-39710

Produtos afetados

Free/Open Source Inventory Management System

PT-2023-27082 · Unknown · Free/Open Source Inventory Management System

CVE-2023-39710

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6