Skip to main content

Free And Open Source Inventory Management System CVE-2023-39708

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-08-28 cve@mitre.org
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 28, 2023 - 14:15 nvd
MEDIUM 6.1

DescriptionNVD

A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section.

AnalysisAI

A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section. Affected products include: Free And Open Source Inventory Management System Project Free And Open Source Inventory Management System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2024-1926 CRITICAL POC
9.8 Feb 27

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. Rated critical severit

CVE-2023-7157 CRITICAL POC
9.8 Dec 29

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0 and classified as criti

CVE-2023-6306 CRITICAL POC
9.8 Nov 27

A vulnerability classified as critical has been found in SourceCodester Free and Open Source Inventory Management System

CVE-2023-6305 CRITICAL POC
9.8 Nov 27

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. Rated critical severit

CVE-2023-7155 HIGH POC
8.8 Dec 29

A vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management

CVE-2023-39711 MEDIUM POC
6.1 Sep 07

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows atta

CVE-2023-39714 MEDIUM POC
6.1 Sep 01

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows atta

CVE-2023-39710 MEDIUM POC
6.1 Sep 01

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows atta

CVE-2023-39709 MEDIUM POC
6.1 Aug 28

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows atta

CVE-2023-39707 MEDIUM POC
5.4 Aug 25

A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attack

CVE-2024-9323 MEDIUM POC
5.3 Sep 29

A vulnerability was found in SourceCodester Inventory Management System 1.0. Rated medium severity (CVSS 5.3), this vuln

CVE-2023-39712 MEDIUM
6.1 Sep 08

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows atta

Share

CVE-2023-39708 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy