CVE-2024-42550

Name of the Vulnerable Software and Affected Versions Mini Inventory and Sales Management System version commit 18aa3d

Description A cross-site scripting (XSS) issue in the /email/welcome.php component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. This enables the execution of malicious code on the victim's browser.

Recommendations For Mini Inventory and Sales Management System version commit 18aa3d, consider restricting access to the /email/welcome.php component until a patch is available. As a temporary workaround, avoid using the Title parameter in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.