CVE-2023-4555
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk34th percentile — higher than 34% of all known CVEs
Summary
A vulnerability has been identified in SourceCodester Inventory Management System version 1.0 that allows cross site scripting (XSS) attacks through manipulation of the name/company argument in the suppliar_data.php file. The attack can be launched remotely.
Risk Assessment
This vulnerability poses a risk of exploitation by malicious users to inject scripts, potentially leading to data theft or session hijacking.
Recommendation
It is recommended to update the system to the latest version that addresses this vulnerability and to implement input data filtering to prevent XSS attacks.
Original NVD description (English source)
A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file suppliar_data.php. The manipulation of the argument name/company leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238153 was assigned to this vulnerability.

