| Título | SourceCodester Sales and Inventory System 1.0 Cross Site Scripting |
|---|
| Descripción | A reflected cross-site scripting (XSS) vulnerability exists in Sales and Inventory System 1.0. The vulnerability is located in the add_stock.php file. The application fails to sanitize the GET parameter 'msg' before reflecting it in the response, allowing an authenticated attacker to execute arbitrary JavaScript in the victim's browser. |
|---|
| Fuente | ⚠️ https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/XSS-AddStock-msg.md |
|---|
| Usuario | 563742137abc (UID 95813) |
|---|
| Sumisión | 2026-03-25 02:55 (hace 24 días) |
|---|
| Moderación | 2026-04-08 17:12 (15 days later) |
|---|
| Estado | Duplicado |
|---|
| Entrada de VulDB | 354207 [SourceCodester Sales and Inventory System 1.0 Parameter add_stock.php msg secuencias de comandos en sitios cruzados] |
|---|
| Puntos | 0 |
|---|