CVE-2023-39711

Name of the Vulnerable Software and Affected Versions Free and Open Source Inventory Management System version 1.0

Description The issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section. This enables the execution of malicious code on the victim's browser, potentially leading to unauthorized actions or data theft.

Recommendations For Free and Open Source Inventory Management System version 1.0, consider disabling the Add New Put section or restricting access to it until a patch is available. Additionally, avoid using the Subtotal and Paidbill parameters in the affected section to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.