
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross Site Request Forgery (CSRF) vulnerability in Free Open-Source Inventory Management System v.1.0 allows a remote attacker to execute arbitrary code via the staff_list parameter in the index.php component.
• https://github.com/xxxxfang/CVE-Apply/blob/main/csrf-1.md
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 3

Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and take over the account via IDOR in the password change function.
• https://github.com/sajaljat/CVE-2023-46449
• https://github.com/sajaljat/CVE-2023-46449/tree/main
• https://www.youtube.com/watch?v=H5QnsOKjs3s
• CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 2

Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function.
• https://github.com/yte121/-CVE-2023-46450
• https://youtu.be/LQy0_xIK2q0
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section.
• https://github.com/Arajawat007/CVE-2023-39712
• https://gist.github.com/Arajawat007/836b586cfb8faeb4edbe57ff1c5dc457#file-cve-2023-39712
• https://www.sourcecodester.com
• https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section.
• https://github.com/Arajawat007/CVE-2023-39711
• https://gist.github.com/Arajawat007/1683f9640c0d62337e0bbe23569d1ea5#file-cve-2023-39711
• https://www.sourcecodester.com
• https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')