Stored XSS Vulnerability in BDTASK Multi-Store Inventory Management System
CVE-2020-36012

4.8 MEDIUM

Key Information:

Vendor: Bdtask
CVE Published: 27 January 2021

What is CVE-2020-36012?

A stored cross-site scripting vulnerability exists in BDTASK Multi-Store Inventory Management System 1.0, allowing a local admin to inject arbitrary scripts through the Customer Name field. If exploited, this could enable an attacker to execute malicious scripts in the victim's browser, potentially leading to data theft, session hijacking, and further exploitation of the application. Organizations must ensure that input sanitization and output encoding mechanisms are effectively implemented to defend against such vulnerabilities.

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
