CVE-2019-25265

Online Inventory Manager 3.2 - Persistent Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.3%CWE-79

Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie theft and client-side script execution.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Productos afectados

Bigprof · Online Inventory Manager

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://bigprof.com https://bigprof.com/appgini/applications/online-inventory-manager https://www.exploit-db.com/exploits/47725 https://www.vulncheck.com/advisories/online-inventory-manager-persistent-cross-site-scripting