We’re taking on a small number of new builds and rebuilds this quarter. Book a call to see if your project is a fit.

CVE CVE-2023-36337

CVE-2023-36337

PHP

Severity: MEDIUM
CVSS: 6.1CVSS
Published: 2025-12-15
Last modified: 2026-01-02
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE: CWE-79

Description

A reflected cross-site scripting (XSS) vulnerability in the component /index.php/cuzh4 of PHP Inventory Management System 1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

References

https://gist.github.com/nguyenkhanhthuan/f345c8ea0551c10ead197680f2ba9c66
https://github.com/ThuanNguyen115685/Report/blob/main/XSS.md

Summary

Description

References