CVE-2023-39709

Name of the Vulnerable Software and Affected Versions Free and Open Source Inventory Management System version 1.0

Description The issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section. This enables the execution of malicious scripts, potentially leading to unauthorized actions on the system.

Recommendations For Free and Open Source Inventory Management System version 1.0, consider disabling the Add Member section until a patch is available to prevent exploitation of the XSS vulnerabilities. Restrict access to the Name, Address, and Company parameters to minimize the risk of malicious script injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.