itsourcecode POS Point of Sale System Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in itsourcecode POS Point of Sale System version 1.0. The issue resides in the file '/inventory/main/vendors/datatables/unit_testing/templates/dom_data_th.php', where the 'scripts' parameter can be manipulated to inject arbitrary web scripts or HTML. This vulnerability can be exploited remotely, and a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a request to '/inventory/main/vendors/datatables/unit_testing/templates/dom_data_th.php' with a 'scripts' parameter containing the desired JavaScript payload, such as a script tag including a JavaScript alert. This can be done manually or using an automated tool.