OCS-Inventory NG Cross Site Scripting

2014.07.01
Credit: Madhu Akula
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Bug Title: Multiple Stored Cross Site Scripting Vulnerabilities
Reporter Name: Madhu Akula
Product: OCS-Inventory NG
Version: All Versions
Modules: OCS Reports Web Interface
Tested On: Windows, Linux, Mac
Browsers: Firefox, Chrome, IE and all others
Priority: High
Severity: Critical

Summary: Multiple stored cross-site scripting vulnerabilities can lead to takeover of user accounts, internal network scanning and some advanced attacks.

Description:

About Vulnerability: Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information.

Impact: Attackers can execute scripts in a victim's browser to hijack user sessions, deface web sites, insert hostile content, redirect users, hijack the user's browser using malware, etc.

For more reference: https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)

Steps to Reproduce (POC): https://www.dropbox.com/s/7bbdv8o8q1faotk/ocsng_sxsss.ogv

Mitigation: Fixed in SVN

Madhu Akula
Information Security Researcher
https://www.twitter.com/madhuakula
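The store-then-render pattern described under "About Vulnerability", shown beside output encoding at render time. This is an added example, not OCS Inventory NG code and not the fix committed to SVN; the in-memory store, the field names and the sample value are constructed for illustration.

```python
import html

# Constructed in-memory "database" standing in for any server-side store.
STORE = []


def save_record(name, note):
    """Persist user-supplied values unchanged; encoding belongs at output."""
    STORE.append({"name": name, "note": note})


def render_unsafe():
    """Vulnerable pattern: stored values are concatenated into HTML as-is,
    so markup in a stored value becomes markup in every viewer's page."""
    rows = "".join(
        f'<tr><td title="{r["name"]}">{r["name"]}</td><td>{r["note"]}</td></tr>'
        for r in STORE
    )
    return f"<table>{rows}</table>"


def render_safe():
    """Hardened pattern: encode every stored value when it is written out.
    html.escape(quote=True) covers element content and quoted attributes."""
    rows = "".join(
        '<tr><td title="{0}">{0}</td><td>{1}</td></tr>'.format(
            html.escape(r["name"], quote=True),
            html.escape(r["note"], quote=True),
        )
        for r in STORE
    )
    return f"<table>{rows}</table>"


def demo():
    """Store one constructed test value and render it both ways."""
    STORE.clear()
    save_record('pc-01"><script>alert(1)</script>', "<b>ok</b>")
    return render_unsafe(), render_safe()


if __name__ == "__main__":
    unsafe_page, safe_page = demo()
    print("unsafe:", unsafe_page)
    print("safe:  ", safe_page)
```

Encoding is applied per output context; values placed into URLs, inline scripts or unquoted attributes need the encoder for that context rather than `html.escape`.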

References:

https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)


Copyright 2025, cxsecurity.com

 
