CVE-2023-39707

Name of the Vulnerable Software and Affected Versions Free and Open Source Inventory Management System version 1.0

Description A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section. This enables attackers to potentially manipulate the system by injecting malicious scripts.

Recommendations For Free and Open Source Inventory Management System version 1.0, consider disabling the Add Expense parameter under the Expense section as a temporary workaround until a patch is available. Restrict access to the Expense section to minimize the risk of exploitation. Avoid using the Add Expense parameter in the affected section until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.