CVE-2019-25265

Online Inventory Manager 3.2 - Persistent Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.3%CWE-79

Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie theft and client-side script execution.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected products

Bigprof · Online Inventory Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bigprof.com https://bigprof.com/appgini/applications/online-inventory-manager https://www.exploit-db.com/exploits/47725 https://www.vulncheck.com/advisories/online-inventory-manager-persistent-cross-site-scripting