CVE-2021-29387

MEDIUM

Equipment Inventory System 1.0 - Stored Cross-Site Scripting via Add Section Name Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-29387. PoCs published by Jitendra Kumar Tripathi.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in Equipment Inventory System 1.0. It provides steps to inject malicious scripts into the 'Item List' and 'Employee Details' fields, which execute upon page reload or navigation.

Description

Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary JavaScript via the Name parameters of any "Add" section, such as Add Item, Employee, Position, or others.

Exploits (1)

exploitdb WORKING POC
by Jitendra Kumar Tripathi · text · webapps · php
https://www.exploit-db.com/exploits/49722

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Equipment Inventory System 1.0
Auth required
Prerequisites: Valid login credentials · Access to the admin panel
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/49722

Scores

CVSS v3 5.4
EPSS 0.0077
EPSS Percentile 51.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status published
Products (1)
equipment_inventory_system_project/equipment_inventory_system 1.0
Published Apr 28, 2021
Tracked Since Feb 18, 2026