PT-2023-19490 · Unknown · Inventory Management System

Published

2023-02-10

Updated

2025-03-24

CVE-2023-24233

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Inventory Management System version v1

Description A stored cross-site scripting (XSS) issue in the /php-inventory-management-system/orders.php?o=add component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter.

Recommendations For Inventory Management System version v1, consider disabling the Client Name parameter in the /php-inventory-management-system/orders.php?o=add component until a patch is available to prevent exploitation. Restrict access to this component to minimize the risk of arbitrary web script or HTML execution.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-24233

Affected Products

Inventory Management System

PT-2023-19490 · Unknown · Inventory Management System

CVE-2023-24233

Weakness Enumeration

Related Identifiers

Affected Products

References · 8