CVE-2023-1131

Name of the Vulnerable Software and Affected Versions SourceCodester Computer Parts Sales and Inventory System version 1.0

Description A vulnerability has been found in the SourceCodester Computer Parts Sales and Inventory System, affecting unknown code of the file customer.php. The manipulation of the FIRST NAME, LAST NAME, or PHONE NUMBER arguments leads to cross-site scripting. The attack can be initiated remotely.

Recommendations For version 1.0, consider disabling the manipulation of the FIRST NAME, LAST NAME, and PHONE NUMBER arguments in the customer.php file until a patch is available. Restrict access to the customer.php file to minimize the risk of exploitation. Avoid using the FIRST NAME, LAST NAME, and PHONE NUMBER arguments in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.