Aggregates CVE and security vulnerability intelligence across all products related to the Free and Open Source Inventory Management System project, including CVSS scores, EPSS percentages, and publication dates.
Historical issues mainly involve cross-site scripting (XSS), cross-site request forgery (CSRF), and related problems; some flaws may lead to session compromise.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-51813 | Cross Site Request Forgery (CSRF) vulnerability in Free Open-Source Inventory Management System v.1.0 allows a remote attacker to execute arbitrary code via the staff_list parameter in the index.php component. | [email protected] | 6.5 | 0.15% | 2024-01-30 | 2025-06-20 |
| CVE-2023-39712 | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section. | [email protected] | 6.1 | 0.27% | 2023-09-08 | 2024-11-21 |
| CVE-2023-39711 | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section. | [email protected] | 6.1 | 0.11% | 2023-09-07 | 2024-11-21 |
| CVE-2023-39714 | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section. | [email protected] | 6.1 | 0.16% | 2023-09-01 | 2024-11-21 |
| CVE-2023-39710 | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Customer section. | [email protected] | 6.1 | 0.17% | 2023-09-01 | 2024-11-21 |
| CVE-2023-39709 | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section. | [email protected] | 6.1 | 0.11% | 2023-08-28 | 2024-11-21 |
| CVE-2023-39708 | A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section. | [email protected] | 6.1 | 0.16% | 2023-08-28 | 2024-11-21 |
| CVE-2023-39707 | A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section. | [email protected] | 5.4 | 0.19% | 2023-08-25 | 2024-11-21 |