CVE-2023-46450 PoC — Inventory Management System Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
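Title: Inventory Management System Cross-Site Scripting Vulnerability (CVE-2023-46450)
Description: Inventory Management System is an inventory management system by the individual developer stemword. Inventory Management System version 1.0 contains a security vulnerability that stems from a cross-site scripting (XSS) vulnerability in the Add supplier function.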
Description
 CVE-2023-46450 reference
Readme
# -CVE-2023-46450

> [Description]
> Sourcecodester Free and Open Source inventory management system 1.0 is
> vulnerable to Cross Site Scripting (XSS) via the Add supplier function.
>
> ------------------------------------------
>
> [Additional Information]
> A video POC stored XSS vulnerability exists in the add supplier functionality in free and open source inventory management system.
> Link:  https://youtu.be/LQy0_xIK2q0
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> opensource
>
> ------------------------------------------
>
> [Affected Product Code Base]
> free-and-open-source-inventory-management-system-php-source-code - 1.0000
>
> ------------------------------------------
>
> [Affected Component]
> Add supplier functionality
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Authenticated Stored XSS
>
> ------------------------------------------
>
> [Reference]
> https://youtu.be/LQy0_xIK2q0
>
> ------------------------------------------
>
> [Discoverer]
> Yagyesh K. Tiwari

File Snapshot

[4.0K] /data/pocs/d58d77ead5f1657b5cf3f5d1e27e2c27e5771180
└── [1.3K] README.md

0 directories, 1 file