Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Severity MEDIUM Date 2/3/2026 Affected Software Online Inventory Manager <= 3.2 CVE Information CVE-2019-25265 CWE Information CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVSS Vectors CVSS V3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N References ExploitDB-47725 Vendor Homepage Software Download Page Credit Cemal Cihad ÇİFTÇİ Description Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie theft and client-side script execution.