CVE-2024-0422
CVE-2024-0422 affects CodeAstro POS and Inventory Management System 1.0. The vulnerability lies in the New Item Creation Page, specifically the /new_item functionality, where manipulation of the new_item parameter enables cross-site scripting. Exploitation is remote and the exploit has been discl...
CVE-2023-6773
CVE-2023-6773 affects CodeAstro POS and Inventory Management System 1.0, with an access control vulnerability in the User Creation Handler’s unknown function at /accounts_con/register_account. By supplying the value Admin to the parameter account_type, an attacker can trigger improper access con...
CVE-2023-6775
CVE-2023-6775 affects CodeAstro POS and Inventory Management System 1.0. The vulnerability is cross-site scripting in an unknown part of the file /item/item_con, caused by manipulation of the item_name argument. Attacks can be initiated remotely; exploits have been disclosed publicly. Several s...
CVE-2023-6774
CodeAstro POS and Inventory Management System 1.0 contains an XSS vulnerability in /accounts_con/register_account. The Username parameter can be injected with a script tag to execute arbitrary script in the victim’s browser. Exploitation is possible remotely and the public disclosure of the ex...