Cross-Site Scripting Vulnerability in Inventory Management Product by Ersin Erenler
CVE-2023-46580

5.4MEDIUM

Key Information:

Vendor
Code-projects
Status
Inventory Management
Vendor
CVE Published:
14 November 2023

Summary

A Cross-Site Scripting (XSS) vulnerability exists in Inventory Management V1.0, which permits attackers to execute arbitrary scripts through manipulation of the pname parameter in the editProduct.php component. This flaw can lead to unauthorized actions, compromising user data and security. Users are advised to apply patches and implement security measures to mitigate the risk.

References

https://github.com/ersinerenler/Code-Projects-Inventory-M...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-46580 : Cross-Site Scripting Vulnerability in Inventory Management Product by Ersin Erenler | SecurityVulnerability.io