Vulnerability Details CVE-2009-4596
Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory 1.2 allows remote attackers to inject arbitrary web script or HTML via the sup_id parameter in a suppliers details action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.3%
CVSS Severity
CVSS v2 Score 4.3
References
- http://packetstormsecurity.org/0912-exploits/phpinventory-sql.txt
- http://www.exploit-db.com/exploits/10370
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54667
- http://packetstormsecurity.org/0912-exploits/phpinventory-sql.txt
- http://www.exploit-db.com/exploits/10370
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54667
Products affected by CVE-2009-4596
-
cpe:2.3:a:phpwares:php_inventory:1.2