Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 allows attackers to execute arbitrary code via the pname parameter of the editProduct.php component.
References
Configurations
History
17 Nov 2023, 15:32
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
First Time |
Code-projects
Code-projects inventory Management |
|
CPE | cpe:2.3:a:code-projects:inventory_management:1.0:*:*:*:*:*:*:* | |
References | () https://github.com/ersinerenler/Code-Projects-Inventory-Management-1.0/blob/main/CVE-2023-46580-Code-Projects-Inventory-Management-1.0-Stored-Cross-Site-Scripting-Vulnerability.md - Exploit, Third Party Advisory |
14 Nov 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-14 22:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-46580
Mitre link : CVE-2023-46580
CVE.ORG link : CVE-2023-46580
JSON object : View
Products Affected
code-projects
- inventory_management
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')