itsourcecode POS Point of Sale System Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in itsourcecode POS Point of Sale System version 1.0. The issue arises in the file '/inventory/main/vendors/datatables/unit_testing/templates/empty_table.php', where the 'scripts' parameter can be manipulated to inject arbitrary web scripts or HTML. This vulnerability can be exploited remotely, and the exploit is publicly available.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a request to '/inventory/main/vendors/datatables/unit_testing/templates/empty_table.php' with a 'scripts' parameter containing the desired JavaScript payload, such as a script tag including a JavaScript alert. This can be done using a web browser or a tool like Burp Suite.