@Arajawat007
Created August 25, 2023 07:36
CVE-2023-39711
Exploit Title: Free and Open Source Inventory Management System PHP Source Code - XSS (Cross-Site Scripting)
Vendor of Product: https://www.sourcecodester.com/
Software Link: https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html
Tested on: Linux
Attack Type: Local
Steps to Reproduce:
1. Visit http://localhost/ample/login.php
2. Click the "Register" button to navigate to the registration page.
3. After clicking "Register", the application redirects to http://localhost/ample/index.php?page=dashboard
4. Go to the New Buy section: http://localhost/ample/index.php?page=buy_product
5. Use the payload: "><script>alert(123)</script>
6. Click "Add New".
7. Put the XSS payload ( "><script>alert(123)</script> ) in the subtotal and paidbill fields, then click Submit.
8. The payload is reflected unescaped and the alert displays 123.
Reference: CVE-2023-39711
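The root cause described above is a request value being written back into HTML without validation or output encoding. The following is an added example written for this gist, not code from the affected project or from sourcecodester.com: it places the vulnerable echo pattern beside a hardened version. The field names subtotal and paidbill come from the advisory; the function names and the markup are assumptions for illustration.

```php
<?php
// Added example (not the project's code). Shows why the subtotal/paidbill
// fields reflect a payload, and one way to fix it.

// VULNERABLE pattern: the POSTed value is concatenated straight into an HTML
// attribute. A value that starts with "> closes the attribute and the tag, so
// any markup that follows is rendered by the browser.
function render_unsafe(array $post): string {
    $subtotal = $post['subtotal'] ?? '';
    $paidbill = $post['paidbill'] ?? '';
    return '<input name="subtotal" value="' . $subtotal . '">'
         . '<input name="paidbill" value="' . $paidbill . '">';
}

// HARDENED pattern, two layers:
//  1. validate: these fields are money amounts, so only a plain decimal
//     number is accepted and everything else is rejected before use;
//  2. encode: whatever is echoed back is HTML-escaped anyway, so the view
//     never trusts the value even if validation is later relaxed.
function money_or_null(string $raw): ?string {
    $raw = trim($raw);
    if (!preg_match('/^\d{1,10}(\.\d{1,2})?$/', $raw)) {
        return null;                       // not a decimal amount: reject
    }
    return number_format((float) $raw, 2, '.', '');
}

function e(string $s): string {
    // ENT_QUOTES also escapes the double quote that breaks out of attributes.
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_safe(array $post): string {
    $subtotal = money_or_null((string) ($post['subtotal'] ?? ''));
    $paidbill = money_or_null((string) ($post['paidbill'] ?? ''));
    if ($subtotal === null || $paidbill === null) {
        return '<p>Invalid amount: please enter a numeric value.</p>';
    }
    return '<input name="subtotal" value="' . e($subtotal) . '">'
         . '<input name="paidbill" value="' . e($paidbill) . '">';
}

// Constructed request using the payload quoted in the advisory.
$request = ['subtotal' => '"><script>alert(123)</script>', 'paidbill' => '10.00'];

echo render_unsafe($request), PHP_EOL;   // attribute is broken open, script tag lands in the page
echo render_safe($request), PHP_EOL;     // rejected by validation, nothing reflected

// A legitimate request passes validation and is echoed encoded.
$good = ['subtotal' => '10.50', 'paidbill' => '5'];
echo render_safe($good), PHP_EOL;        // <input name="subtotal" value="10.50"><input name="paidbill" value="5.00">
```

The validation regex is deliberately strict because an amount field has no legitimate reason to carry angle brackets or quotes; rejecting the request outright also gives a log-worthy signal (a non-numeric value submitted to a money field) that is easier to alert on than a successfully escaped string.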