CVE-2009-4596

Name of the Vulnerable Software and Affected Versions PHP Inventory version 1.2

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the sup id parameter in a suppliers details action. This can lead to the execution of malicious scripts on the client-side.

Recommendations For PHP Inventory version 1.2, avoid using the sup id parameter in the suppliers details action until the issue is resolved. As a temporary workaround, consider validating and sanitizing all user input to prevent malicious script injection.