CNNVD-202602-387 Information
CNNVD ID
CNNVD-202602-387
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
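BigProf Online Inventory Manager is an online inventory management system from BigProf. BigProf Online Inventory Manager version 3.2 contains a cross-site scripting vulnerability. The vulnerability stems from a stored cross-site scripting flaw in the group description field of the admin edit groups section, which may lead to cookie theft and client-side script execution.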
Description (English)
BigProf Online Inventory Manager is an online inventory management system by BigProf. BigProf Online Inventory Manager 3.2 has a cross-site scripting vulnerability, which stems from a stored cross-site scripting flaw in the group description field of the admin edit groups section and may lead to cookie theft and client-side script execution.
Hazard Level
High
Vulnerability Type
Cross-site scripting
Affected Vendor
BigProf
Published
2026-02-03
Last Modified
2026-02-24
References
https://bigprof.com
https://bigprof.com/appgini/applications/online-inventory-manager
https://www.exploit-db.com/exploits/47725
https://www.vulncheck.com/advisories/online-inventory-manager-persistent-cross-site-scripting
Patch
https://github.com/bigprof-software/online-inventory-manager/releases