Rivishnu

**Name of the Vulnerable Software and Affected Versions** Bdtask Multi-Store Inventory Management System up to 20240325 **Description** A vulnerability was found in the Bdtask Multi-Store Inventory Management System, affecting an unknown function of the file /stockmovment/stockmovment/delete/ of the component Stock Movement Page. This issue leads to cross-site request forgery and can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For Bdtask Multi-Store Inventory Management System up to 20240325, consider disabling access to the /stockmovment/stockmovment/delete/ endpoint as a temporary workaround until a patch is available. Restrict access to the Stock Movement Page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bdtask Multi-Store Inventory Management System versions up to 20240320 **Description** A problematic issue was found in the Store Update Page component of the Bdtask Multi-Store Inventory Management System. The manipulation of the `Store Name` and `Store Address` arguments leads to cross-site scripting. This issue can be exploited remotely. The exploit has been disclosed to the public. The vendor was contacted about this issue but did not respond. **Recommendations** For versions up to 20240320, as a temporary workaround, consider restricting access to the Store Update Page until a patch is available. Avoid using the `Store Name` and `Store Address` arguments in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.