CVE-2023-46450

MEDIUM

Sourcecodester Free and Open Source - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-46450. PoCs published by yte121.

AI-analyzed exploit summary The repository describes a stored XSS vulnerability in the 'Add supplier' functionality of the Free and Open Source Inventory Management System 1.0. It includes a video PoC link but lacks actual exploit code or technical details about the vulnerability's root cause.

Description

Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function.

Exploits (1)

nomisec WRITEUP

by yte121 · poc

https://github.com/yte121/-CVE-2023-46450

View Code ZIP pw:eip

The repository describes a stored XSS vulnerability in the 'Add supplier' functionality of the Free and Open Source Inventory Management System 1.0. It includes a video PoC link but lacks actual exploit code or technical details about the vulnerability's root cause.

Classification

Writeup 80%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Free and Open Source Inventory Management System 1.0

Auth required

Prerequisites: Authenticated access to the application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/yte121/-CVE-2023-46450/

View Exploit ZIP pw:eip

Exploit, Third Party Advisory

https://youtu.be/LQy0_xIK2q0

Scores

CVSS v3 5.4

EPSS 0.0043

EPSS Percentile 34.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

mayurik/inventory_management_system 1.0

Published Oct 26, 2023

Tracked Since Feb 18, 2026