SourceCodester Inventory Management System 1.0 Reflected XSS (CVE-2024-9323)

Key Information 1. Vulnerability ID: - VDB-278827 - CVE-2024-9323 2. Affected Product: - SourceCodester Inventory Management System 1.0 3. Vulnerability Description: - File: - /app/action/add_staff.php - Issue: - Input from an unknown source leads to a Cross-Site Scripting (XSS) vulnerability. - CWE Definition: - CWE-79 4. Impact: - Affects integrity. - Can be exploited remotely. 5. CVSS Meta Temp Score: - 3.3 6. Current Exploit Price: - $0-$5k 7. CTI Interest Score: - 2.81 8. Vulnerability Details: - The vulnerability exists in the file /app/action/add_staff.php, related to an unknown functionality. - It results in a Cross-Site Scripting (XSS) attack. - The attack can be initiated remotely. - Publicly disclosed and potentially exploitable. 9. Technical Details and Public Exploits: - Technical details are known. - Public exploits are available. 10. Exploitation Method: - Vulnerable targets can be identified by searching for . 11. Recommendation: - Replace the affected component. 12. Related Vulnerabilities: - VDB-238153, VDB-238158, VDB-238159, VDB-238210 Summary This vulnerability exists in the file of SourceCodester Inventory Management System 1.0, leading to a Cross-Site Scripting (XSS) flaw. It can be exploited remotely, with a CVSS Meta Temp Score of 3.3 and a current exploit price ranging from $0 to $5k. It is recommended to replace the affected component to prevent exploitation.

Goal Reached Thanks to every supporter — we hit 100%!

SourceCodester Inventory Management System 1.0 Reflected XSS (CVE-2024-9323)