CVE-2019-25265

Online Inventory Manager 3.2 - Persistent Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.3%CWE-79

Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie theft and client-side script execution.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Produtos afetados

Bigprof · Online Inventory Manager

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://bigprof.com https://bigprof.com/appgini/applications/online-inventory-manager https://www.exploit-db.com/exploits/47725 https://www.vulncheck.com/advisories/online-inventory-manager-persistent-cross-site-scripting