CVE-2023-39712

Name of the Vulnerable Software and Affected Versions Free and Open Source Inventory Management System version 1.0

Description Multiple cross-site scripting (XSS) vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section.

Recommendations For Free and Open Source Inventory Management System version 1.0, consider disabling the Add New Put section until a patch is available to prevent exploitation of the XSS vulnerabilities. Restrict access to the Name, Address, and Company parameters to minimize the risk of arbitrary web script or HTML execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.