Name of the Vulnerable Software and Affected Versions: Multi-Purpose Inventory Management System (affected versions not specified) Description: A stored Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. A remote user can exploit this by sending a POST request with a specially crafted query to an authenticated user, potentially stealing their cookie session details. The vulnerability occurs through the product name parameter in the /Controller Products/update API endpoint. Recommendations: At the moment, there is no information about a newer version that contains a fix for this…Read More
PT-2025-36457
