Lucene search
HistorySep 01, 2023 - 2:15 p.m.
CVE-2023-39710
cross-site scripting
free and open source
inventory management system
arbitrary web script
crafted payload
add customer section
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
27.8%
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Customer section.
Affected configurations
Node
free_and_open_source_inventory_management_system_projectfree_and_open_source_inventory_management_systemMatch1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| free_and_open_source_inventory_management_system_project | free_and_open_source_inventory_management_system | 1.0 | cpe:2.3:a:free_and_open_source_inventory_management_system_project:free_and_open_source_inventory_management_system:1.0:*:*:*:*:*:*:* |
Related
prion
prion
Cross site scripting
2023-09-01 14:15:00
cve
cve
CVE-2023-39710
2023-09-01 14:15:07
cvelist
cvelist
CVE-2023-39710
2023-09-01 00:00:00
vulnrichment
vulnrichment
CVE-2023-39710
2023-09-01 00:00:00
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
27.8%
Related for NVD:CVE-2023-39710