CVE-2023-39711
https://notcve.org/view.php?id=CVE-2023-39711
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en Free and Open Source Inventory Management System v1.0 permiten a los atacantes ejecutar scripts web arbitrarios o HTML mediante la inyección de un payload manipulado en los parámetros Subtotal y Paidbill en la sección Agregar nueva. • https://github.com/Arajawat007/CVE-2023-39711 https://gist.github.com/Arajawat007/1683f9640c0d62337e0bbe23569d1ea5#file-cve-2023-39711 https://www.sourcecodester.com https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-4749 – SourceCodester Inventory Management System index.php file inclusion
https://notcve.org/view.php?id=CVE-2023-4749
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://skypoc.wordpress.com/2023/09/03/%e3%80%90code-audit%e3%80%91open-source-ample-inventory-management-system-v1-0-by-mayuri_k-has-a-file-inclusion-vulnerability https://vuldb.com/?ctiid.238638 https://vuldb.com/?id.238638 • CWE-73: External Control of File Name or Path •
CVE-2023-39710
https://notcve.org/view.php?id=CVE-2023-39710
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Customer section. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en Free and Open Source Inventory Management System v1.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios mediante la inyección de un payload manipulado en los parámetros Nombre, Dirección y Compañía en la sección Add Customer section. • https://github.com/Arajawat007/CVE-2023-39710 https://gist.github.com/Arajawat007/dc6e4dd231accf777dae30d890a4e7df#file-cve-2023-39710 https://www.sourcecodester.com https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-39714
https://notcve.org/view.php?id=CVE-2023-39714
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en Free and Open Source Inventory Management System v1.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios mediante la inyección de un payload manipulado en los parámetros Nombre, Dirección y Compañía en la sección Add New Put. • https://github.com/Arajawat007/CVE-2023-39714 https://gist.github.com/Arajawat007/141e68161014e832e30d39b1979a8a6c#file-cve-2023-39714 https://www.sourcecodester.com https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-39708
https://notcve.org/view.php?id=CVE-2023-39708
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section. • https://github.com/Arajawat007/CVE-2023-39708 https://gist.github.com/Arajawat007/6c544ae8bebd2a36926fd3fdc8d4d5c2#file-cve-2023-39708 https://www.sourcecodester.com https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •