itsourcecode POS Point of Sale System Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in itsourcecode POS Point of Sale System version 1.0. The issue resides in the file '/inventory/main/vendors/datatables/unit_testing/templates/complex_header_2.php', where the 'scripts' parameter can be manipulated to inject arbitrary web scripts or HTML. This vulnerability can be exploited remotely, and an exploit is publicly available.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a request to the vulnerable PHP file '/inventory/main/vendors/datatables/unit_testing/templates/complex_header_2.php' with a 'scripts' parameter that includes the desired JavaScript payload, such as a script tag containing JavaScript code or a reference to an external script.