Arbitrary Code Execution via pname Parameter in Inventory Management V1.0

CVE-2023-46580 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 allows attackers to execute arbitrary code via the pname parameter of the editProduct.php component.

Learn more about our Web Application Penetration Testing UK.