CVE-2023-39708

Name of the Vulnerable Software and Affected Versions Free and Open Source Inventory Management System version 1.0

Description A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section. This issue enables attackers to inject malicious code, potentially leading to unauthorized actions on the affected system.

Recommendations For Free and Open Source Inventory Management System version 1.0, consider disabling the Add New parameter under the New Buy section as a temporary workaround until a patch is available. Restrict access to the New Buy section to minimize the risk of exploitation. Avoid using the Add New parameter in the affected section until the issue is resolved.