CVE-2023-39707
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2023-39707 is a stored cross-site scripting (XSS) vulnerability affecting Free and Open Source Inventory Management System version 1.0. It allows attackers to inject malicious web scripts or HTML into the Add Expense parameter under the Expense section. The application stores the injected input and later serves it to unsuspecting users, so the script executes in the victim's browser, potentially leading to data theft, unauthorized account access, or other malicious activities. Users are strongly advised to upgrade their software to the latest version or apply available patches to mitigate this risk.
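The store-then-render pattern behind this class of flaw, next to its output-encoded form, as an added example that is not the application's own code. The field names, the in-memory store and the sample entries are assumptions constructed for illustration.

```javascript
// Added example: hypothetical expense store and renderer, not the application's code.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for HTML element content or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// In-memory stand-in for the table that holds submitted expenses.
const expenses = [];

// Store the name unchanged (encoding belongs at output); validate the typed field.
function addExpense(name, amount) {
  const parsed = Number(amount);
  if (!Number.isFinite(parsed) || parsed < 0) {
    throw new RangeError("amount must be a non-negative number");
  }
  expenses.push({ name: String(name), amount: parsed });
}

// Vulnerable pattern: the stored value is concatenated into markup as-is.
function renderRowUnsafe(expense) {
  return `<tr><td>${expense.name}</td><td>${expense.amount.toFixed(2)}</td></tr>`;
}

// Hardened pattern: every stored string is encoded for its output context.
function renderRowSafe(expense) {
  const name = escapeHtml(expense.name);
  return `<tr><td title="${name}">${name}</td><td>${expense.amount.toFixed(2)}</td></tr>`;
}

// Render the whole expense list with the chosen row renderer.
function renderTable(renderRow) {
  return expenses.map(renderRow).join("\n");
}

// Constructed sample input: one ordinary entry and one containing markup.
addExpense("Office supplies", "42.5");
addExpense('<script>alert("x")</script>', "10");

console.log(renderTable(renderRowSafe));
```

Encoding at render time protects every page that displays the stored value, including entries saved before the fix was deployed.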