PT-2020-15589 · Sourcecodester · Sourcecodester Stock Management System

Boku7 · Published 2020-09-01 · Updated 2020-09-03 · CVE-2020-23831

CVSS v3.1: 6.4 (Medium)

Vector: AC:H/AV:N/A:L/C:H/I:L/PR:N/S:U/UI:R

Name of the Vulnerable Software and Affected Versions

SourceCodester Stock Management System version 1.0

Description

A Reflected Cross-Site Scripting (XSS) issue in the index.php login-portal webpage allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials.

Recommendations

For SourceCodester Stock Management System version 1.0, consider disabling the login functionality in the index.php login-portal webpage until a patch is available, and restrict access to the webpage to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-23831

Affected Products

Sourcecodester Stock Management System