CVE Catalog

CVE-2023-4555

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.43%

34th percentile — higher than 34% of all known CVEs

Summary

A vulnerability has been identified in SourceCodester Inventory Management System version 1.0 that allows cross site scripting (XSS) attacks through manipulation of the name/company argument in the suppliar_data.php file. The attack can be launched remotely.

Risk Assessment

This vulnerability poses a risk of exploitation by malicious users to inject scripts, potentially leading to data theft or session hijacking.

Recommendation

It is recommended to update the system to the latest version that addresses this vulnerability and to implement input data filtering to prevent XSS attacks.

Original NVD description (English source)

A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file suppliar_data.php. The manipulation of the argument name/company leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238153 was assigned to this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS