CVE-2023-0945— Best pos management system 跨站脚本漏洞

SourceCodester Best POS Management System cross site scripting

A vulnerability, which was classified as problematic, was found in SourceCodester Best POS Management System 1.0. Affected is an unknown function of the file index.php?page=add-category. The manipulation of the argument Name with the input "><img src=x onerror=prompt(document.domain);> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221592.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Best pos management system 跨站脚本漏洞

Best pos management system是Mayuri K.个人开发者的一个最佳 pos 管理系统。 Best POS Management System 1.0版本存在跨站脚本漏洞，该漏洞源于文件 index.php?page=add-category 存在未知函数， 攻击者利用该漏洞可以通过参数 Name 进行跨站脚本攻击。

N/A

N/A