itsourcecode POS Point of Sale System Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in itsourcecode POS Point of Sale System version 1.0. The issue arises in the file '/inventory/main/vendors/datatables/unit_testing/templates/dom_data_two_headers.php', where the 'scripts' parameter can be manipulated to inject arbitrary web scripts or HTML. This vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a request to '/inventory/main/vendors/datatables/unit_testing/templates/dom_data_two_headers.php' with a 'scripts' parameter containing the injected script or HTML. The injected content will be executed as a script in the user's browser.