PT-2023-27082 · Unknown · Free/Open Source Inventory Management System
Arajawat007
·
Published
2023-09-01
·
Updated
2023-09-07
·
CVE-2023-39710
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Free and Open Source Inventory Management System version 1.0
Description
The issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the
Name, Address, and Company parameters under the "Add Customer" section. This enables the execution of malicious code on the client-side.Recommendations
For Free and Open Source Inventory Management System version 1.0, consider validating and sanitizing user input for the
Name, Address, and Company parameters to prevent malicious code injection. As a temporary workaround, restrict access to the "Add Customer" section until a proper fix is applied.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Free/Open Source Inventory Management System