CVE-2023-24234: XSS
First published: Fri Feb 10 2023(Updated: )
A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Inventory Management System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this stored cross-site scripting (XSS) vulnerability?
The vulnerability ID for this stored cross-site scripting (XSS) vulnerability is CVE-2023-24234.
What is the affected software for this vulnerability?
The affected software for this vulnerability is Inventory Management System v1 (version 1.0).
How can attackers exploit this vulnerability?
Attackers can exploit this vulnerability by injecting a crafted payload into the Brand Name parameter, allowing them to execute arbitrary web scripts or HTML.
What is the severity of this vulnerability?
The severity of this vulnerability is medium, with a CVSS score of 4.8.
How can I fix this vulnerability?
To fix this vulnerability, it is recommended to apply the latest security patch or update provided by the Inventory Management System Project.
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/inventory management system project
- canonical/inventory management system
- version/inventory management system/1.0