Regis Inventory And Monitoring System 1.0 Cross Site Scripting

2021.03.27

Credit: George Tsimpidas

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Title: Regis Inventory And Monitoring System 1.0 - 'Item List' Stored XSS
# Exploit Author: George Tsimpidas
# Date: 2021-03-25
# Vendor Homepage: www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/regis_inventory.zip
# Version : 1.0.0
# Tested on: Kali Linux 2020.4
# Category: Webapp
# Description
Regis Inventory And Monitoring System, suffers from a stored cross site scripting on Item's List Category
#PoC
1. Login as admin : http://localhost/regis_inventory/index.php
2. Visit : http://localhost/regis_inventory/item.php
3. Click add a New Item and input your payload on "Generic Name" textbox.
Payload : <script>alert("XSS")</script>
4. After inputting the Item values and submitting the form, it will trigger an XSS pop-up

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Regis Inventory And Monitoring System 1.0 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.