Reflected Cross-Site Scripting Vulnerability in PHP Inventory Management System
CVE-2023-36337

6.1MEDIUM

Key Information:

Vendor: PHP
Status: PHP Inventory Management System
Vendor: CVE Published:; 15 December 2025

What is CVE-2023-36337?

The PHP Inventory Management System is vulnerable to a reflected cross-site scripting (XSS) flaw located in the component /index.php/cuzh4. This vulnerability allows an attacker to craft a malicious input that, when processed by the application, can execute arbitrary web scripts or HTML in the context of the user's browser. Successful exploitation could lead to session hijacking, phishing attacks, or other malicious actions on behalf of the victim.

References

https://github.com/ThuanNguyen115685/Report/blob/main/XSS.md

https://gist.github.com/nguyenkhanhthuan/f345c8ea0551c10e...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 15, 2025
Vulnerability Reserved
Jun 21, 2023

JSON