Description
Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary javascript via any "Add" sections, such as Add Item , Employee and Position or others in the Name Parameters.
References
https://www.exploit-db.com/exploits/49722
ExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/49722
ExploitThird Party AdvisoryVDB Entry
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 · Medium
Information
Source identifier
Vulnerability status
Modified
Published
2021-04-28T12:15:07.683Z
4 years agoLast modified
2024-11-21T05:01:01.380Z
1 year ago