CVE-2026-30556 in SourceCodester Sales and Inventory System
Summary
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
Responsible
MITRE
Reservation
03/04/2026
Disclosure
03/30/2026
Entries
| ID | Vulnerability | CWE | Base | Temp | 0day | Today | Exp | KEV | EPSS | CTI | Cou | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 354203 | SourceCodester Sales and Inventory System Parameter index.php cross site scripting | 79 | 4.3 | 4.2 | $0-$5k | $0-$5k | Not defined | 0.00000 | 1.75+ | Not defined | CVE-2026-30556 |