Stock Management System
CVE-2020-24198
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.'
AnalysisAI
A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.' Affected products include: Stock Management System Project Stock Management System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Stock Management System
View allSourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php. Rated critical severi
A vulnerability was found in rickxy Stock Management System and classified as critical. Rated critical severity (CVSS 9.
A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute a
A vulnerability was found in rickxy Stock Management System and classified as problematic.php?action=add. Rated high sev
A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 a
A vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical.php?f=login
A vulnerability has been found in SourceCodester Stock Management System 1.0 and classified as critical. Rated medium se
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Manag
A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic.php of the component Ad
A vulnerability was found in rickxy Stock Management System. Rated medium severity (CVSS 5.4), this vulnerability is rem
A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical. Rated
A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as problematic. Ra
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today