A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
| Link | Resource |
|---|---|
| https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/XSS-Index-msg.md | Exploit Third Party Advisory |
| https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/XSS-Index-msg.md | Exploit Third Party Advisory |
Configurations
History
01 Apr 2026, 15:42
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/XSS-Index-msg.md - Exploit, Third Party Advisory | |
| First Time |
Ahsanriaz26gmailcom
Ahsanriaz26gmailcom sales And Inventory System |
|
| CPE | cpe:2.3:a:ahsanriaz26gmailcom:sales_and_inventory_system:1.0:*:*:*:*:*:*:* |
31 Mar 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-79 | |
| References | () https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/XSS-Index-msg.md - | |
| Summary |
|
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
30 Mar 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-03-30 16:16
Updated : 2026-06-17 10:32
NVD link : CVE-2026-30556
Mitre link : CVE-2026-30556
CVE.ORG link : CVE-2026-30556
JSON object : View
Products Affected
ahsanriaz26gmailcom
- sales_and_inventory_system
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
