CVE-2023-39708
https://notcve.org/view.php?id=CVE-2023-39708
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section. • https://github.com/Arajawat007/CVE-2023-39708 https://gist.github.com/Arajawat007/6c544ae8bebd2a36926fd3fdc8d4d5c2#file-cve-2023-39708 https://www.sourcecodester.com https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-39709
https://notcve.org/view.php?id=CVE-2023-39709
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section. • https://github.com/Arajawat007/CVE-2023-39709 https://gist.github.com/Arajawat007/4cb86f9239c73ccfeaf466352513b188#file-cve-2023-39709 https://www.sourcecodester.com https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-4558 – SourceCodester Inventory Management System staff_data.php sql injection
https://notcve.org/view.php?id=CVE-2023-4558
A vulnerability classified as critical was found in SourceCodester Inventory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file staff_data.php. The manipulation of the argument columns[0][data] leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/Inventory%20Management%20System%20SQLi%20staff_data.md https://vuldb.com/?ctiid.238159 https://vuldb.com/?id.238159 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-4557 – SourceCodester Inventory Management System search_purchase_paymen_report.php sql injection
https://notcve.org/view.php?id=CVE-2023-4557
A vulnerability classified as critical has been found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_purchase_paymen_report.php. The manipulation of the argument customer leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ZhangXiaoDan1/cve_hub/blob/main/Free%20and%20Open%20Source%20inventory%20management%20system%20-%20vuln%204.pdf https://vuldb.com/?ctiid.238158 https://vuldb.com/?id.238158 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-4555 – SourceCodester Inventory Management System suppliar_data.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-4555
A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file suppliar_data.php. The manipulation of the argument name/company leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/TheCyberDiver/Public-Disclosures-CVE-/blob/main/Inventory-Management-System-XSS.md https://vuldb.com/?ctiid.238153 https://vuldb.com/?id.238153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •