M-Store- Multi-Store Inventory Management System — “Add Customer” Stored XSS

# Exploit Title: M-Store- Multi-Store Inventory Management System — “Add Customer” Stored XSS

# Exploit Author: Kislay Kumar

# Date: 2020–12–21

# Google Dork: N/A

# Vendor Homepage: https://www.bdtask.com/

# Software Link: https://codecanyon.net/item/mstore-multistore-inventory-management-system-with-full-accounts-and-installment-sale/22891251

# Affected Version: 1.0

# Patched Version: Unpatched

# Category: Web Application

# Tested on: Kali Linux

Step 1. Login as Super Admin.

Step 2. Select “Customer” from menu and click on “Add” .

Step 3. Insert payload — “><img src onerror=alert(1)> in “Customer Name” , “Address” and “Business Address”

Step 4. Now Click on “Save” and you will get alert boxes.

Thank you
Regards
Kislay Kumar