CVE-2023-39714

Name of the Vulnerable Software and Affected Versions Free and Open Source Inventory Management System version 1.0

Description The issue allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the "Add New Member" section. This enables the execution of malicious code on the client-side.

Recommendations For Free and Open Source Inventory Management System version 1.0, consider validating and sanitizing user input for the Name, Address, and Company parameters to prevent the injection of malicious payloads. As a temporary workaround, restrict access to the "Add New Member" section until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.