Exploit for Regis Inventory And Monitoring System 1.0 Cross Site Scripting

Name: Exploit for Regis Inventory And Monitoring System 1.0 Cross Site Scripting
Rating: 5 (192 reviews)

2021-03-26 | CVSS -0.4

## https://sploitus.com/exploit?id=PACKETSTORM:161985
# Title: Regis Inventory And Monitoring System 1.0 - 'Item List' Stored XSS  
# Exploit Author: George Tsimpidas  
# Date: 2021-03-25  
# Vendor Homepage: www.sourcecodester.com  
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/regis_inventory.zip  
# Version : 1.0.0  
# Tested on: Kali Linux 2020.4  
# Category: Webapp  
  
# Description  
  
Regis Inventory And Monitoring System, suffers from a stored cross site scripting on Item's List Category  
  
#PoC  
  
1. Login as admin : http://localhost/regis_inventory/index.php  
2. Visit : http://localhost/regis_inventory/item.php  
3. Click add a New Item and input your payload on "Generic Name" textbox.  
  
Payload : <script>alert("XSS")</script>  
  
4. After inputting the Item values and submitting the form, it will trigger an XSS pop-up