CVE-2023-51813
https://notcve.org/view.php?id=CVE-2023-51813
Cross Site Request Forgery (CSRF) vulnerability in Free Open-Source Inventory Management System v.1.0 allows a remote attacker to execute arbitrary code via the staff_list parameter in the index.php component. Vulnerabilidad de Cross Site Request Forgery (CSRF) en Free Open-Source Inventory Management System v.1.0 permite a un atacante remoto ejecutar código arbitrario a través del parámetro staff_list en el componente index.php. • https://github.com/xxxxfang/CVE-Apply/blob/main/csrf-1.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-39712
https://notcve.org/view.php?id=CVE-2023-39712
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en Free and Open Source Inventory Management System v1.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios mediante la inyección de un payload manipulado en los parámetros Nombre, Dirección y Compañía en la sección Add New Put. • https://github.com/Arajawat007/CVE-2023-39712 https://gist.github.com/Arajawat007/836b586cfb8faeb4edbe57ff1c5dc457#file-cve-2023-39712 https://www.sourcecodester.com https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-39711
https://notcve.org/view.php?id=CVE-2023-39711
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en Free and Open Source Inventory Management System v1.0 permiten a los atacantes ejecutar scripts web arbitrarios o HTML mediante la inyección de un payload manipulado en los parámetros Subtotal y Paidbill en la sección Agregar nueva. • https://github.com/Arajawat007/CVE-2023-39711 https://gist.github.com/Arajawat007/1683f9640c0d62337e0bbe23569d1ea5#file-cve-2023-39711 https://www.sourcecodester.com https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-39710
https://notcve.org/view.php?id=CVE-2023-39710
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Customer section. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en Free and Open Source Inventory Management System v1.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios mediante la inyección de un payload manipulado en los parámetros Nombre, Dirección y Compañía en la sección Add Customer section. • https://github.com/Arajawat007/CVE-2023-39710 https://gist.github.com/Arajawat007/dc6e4dd231accf777dae30d890a4e7df#file-cve-2023-39710 https://www.sourcecodester.com https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-39714
https://notcve.org/view.php?id=CVE-2023-39714
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en Free and Open Source Inventory Management System v1.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios mediante la inyección de un payload manipulado en los parámetros Nombre, Dirección y Compañía en la sección Add New Put. • https://github.com/Arajawat007/CVE-2023-39714 https://gist.github.com/Arajawat007/141e68161014e832e30d39b1979a8a6c#file-cve-2023-39714 https://www.sourcecodester.com https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •