# Title: Regis Inventory And Monitoring System 1.0 - 'Item List' Persistent Cross-Site Scripting# Exploit Author: George Tsimpidas# Date: 2021-03-25# Vendor Homepage: www.sourcecodester.com# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/regis_inventory.zip# Version : 1.0.0# Tested on: Kali Linux 2020.4# Category: Webapp# Description
Regis Inventory And Monitoring System, suffers from a stored cross site scripting on Item's List Category
#PoC1. Login as admin : http://localhost/regis_inventory/index.php
2. Visit : http://localhost/regis_inventory/item.php
3. Click add a New Item andinput your payload on "Generic Name" textbox.
Payload :<script>alert("XSS")</script>4. After inputting the Item values and submitting the form, it will trigger an XSS pop-up
