Cross-site Scripting (XSS) - Stored in notrinos/notrinoserp
May 8th 2022
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Proof of Concept
Add an item and set its name to the payload <script>alert(location)</script>. The value is stored without being neutralized. https://drive.google.com/file/d/148ERlRpfmNDpNXY4X3sW8SqP_UOmute8/view?usp=sharing
Open the Item list. The stored name is written into the page unescaped and the script executes in the browser of any user who views the list. https://drive.google.com/file/d/1ITonDK4LRg4fEsL8FY7-1G7dTwIhqlJo/view?usp=sharing https://drive.google.com/file/d/1eMU6WD6ZZiqCKE9f08iUKFjJo2fRJyeg/view?usp=sharing
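The two steps above, modelled as a small self-contained example. This is added illustration, not code from notrinoserp, and the item table, the rendering functions and the check are all assumptions made for the example; the project's real item-list page is PHP and is not reproduced here. The vulnerable renderer interpolates the stored item name straight into HTML, which is the CWE-79 condition the report describes; the hardened renderer applies HTML output encoding to every user-controlled value at the point it is written into the page.

```javascript
// Added example (not notrinoserp code): a stored item name rendered into an
// item-list page, first unescaped (vulnerable) and then HTML-encoded (fixed).

// The payload from the report.
const STORED_XSS_PAYLOAD = '<script>alert(location)</script>';

// Constructed sample rows, standing in for what the "Add Item" form persists.
const items = [
  { id: 1, name: 'Widget' },
  { id: 2, name: STORED_XSS_PAYLOAD }, // the attacker's item name, stored as-is
];

// Vulnerable: the user-controlled name lands in the HTML untouched (CWE-79).
function renderItemListVulnerable(rows) {
  return (
    '<table>' +
    rows.map((r) => `<tr><td>${r.id}</td><td>${r.name}</td></tr>`).join('') +
    '</table>'
  );
}

// Output encoding for an HTML text or double-quoted attribute context.
// Encoding happens at render time, so whatever was stored cannot become markup.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened: identical page, but every user-controlled value is encoded.
function renderItemListSafe(rows) {
  return (
    '<table>' +
    rows
      .map((r) => `<tr><td>${escapeHtml(r.id)}</td><td>${escapeHtml(r.name)}</td></tr>`)
      .join('') +
    '</table>'
  );
}

// A tester's check on the rendered page: did the payload survive as a live
// <script> start tag? (A browser only executes the tag, never the &lt;script&gt; text.)
function containsLiveScript(html) {
  return /<script\b[^>]*>/i.test(html);
}

// Stand-alone demonstration of both renderers on the same stored rows.
const vulnerablePage = renderItemListVulnerable(items);
const hardenedPage = renderItemListSafe(items);
console.log('vulnerable page contains live <script>:', containsLiveScript(vulnerablePage));
console.log('hardened page contains live <script>:', containsLiveScript(hardenedPage));
console.log(hardenedPage);
```

The fix belongs at the output side: the same stored name may also be printed into an attribute, a JavaScript string or a URL elsewhere in the application, and each of those contexts needs its own encoder, so stripping tags on input is not a substitute. A Content-Security-Policy without 'unsafe-inline' would additionally stop this particular inline payload from running, but does not remove the injection itself.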