PoC details: d58d77ead5f1657b5cf3f5d1e27e2c27e5771180

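Source
Related vulnerability
Title: Inventory Management System cross-site scripting vulnerability (CVE-2023-46450)
Description: Inventory Management System is an inventory management system by the individual developer stemword. Inventory Management System version 1.0 has a security vulnerability that stems from a cross-site scripting (XSS) flaw in the Add supplier function.
Description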
 CVE-2023-46450 reference
Introduction
# -CVE-2023-46450

> [Description]
> Sourcecodester Free and Open Source inventory management system 1.0 is
> vulnerable to Cross Site Scripting (XSS) via the Add supplier function.
>
> ------------------------------------------
>
> [Additional Information]
> A video POC stored XSS vulnerability exists in the add supplier functionality in free and open source inventory management system.
> Link:  https://youtu.be/LQy0_xIK2q0
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> opensource
>
> ------------------------------------------
>
> [Affected Product Code Base]
> free-and-open-source-inventory-management-system-php-source-code - 1.0000
>
> ------------------------------------------
>
> [Affected Component]
> Add supplier functionality
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Authenticated Stored XSS
>
> ------------------------------------------
>
> [Reference]
> https://youtu.be/LQy0_xIK2q0
>
> ------------------------------------------
>
> [Discoverer]
> Yagyesh K. Tiwari

File snapshot

[4.0K] /data/pocs/d58d77ead5f1657b5cf3f5d1e27e2c27e5771180
└── [1.3K] README.md

0 directories, 1 file