itsourcecode POS Point of Sale System Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in itsourcecode POS Point of Sale System version 1.0. The issue resides in the file '/inventory/main/vendors/datatables/unit_testing/templates/deferred_table.php', where the 'scripts' parameter can be manipulated to inject arbitrary web scripts or HTML. This vulnerability allows remote attackers to execute scripts in the context of the user's browser.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a request to the '/inventory/main/vendors/datatables/unit_testing/templates/deferred_table.php' file with a 'scripts' parameter that includes the desired JavaScript payload, such as a script tag containing JavaScript code or a reference to an external script.