First published: Fri Jan 20 2023(Updated: )
Cross Site Scripting (XSS) vulnerability in InventorySystem thru commit e08fbbe17902146313501ed0b5feba81d58f455c (on Apr 23, 2021) via edit_store_name and edit_active inputs in file InventorySystem.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Inventory System Project Inventory System | <=2021-04-23 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this XSS vulnerability is CVE-2023-23014.
The severity of CVE-2023-23014 is medium with a CVSS score of 6.1.
The Inventory System Project's Inventory System up to and including version 2021-04-23 is affected by CVE-2023-23014.
The XSS vulnerability in InventorySystem.php can be exploited through the edit_store_name and edit_active inputs.
Yes, you can find more information about CVE-2023-23014 in the following references: [Link 1](https://gist.github.com/enferas/649f39c955ce2816ba1abae620e749c7) and [Link 2](https://github.com/ronknight/InventorySystem/issues/23).