| Title | SourceCodester Sales and Inventory System 1.0 Cross Site Scripting |
|---|
| Description | A reflected cross-site scripting (XSS) vulnerability exists in Sales and Inventory System 1.0. The vulnerability is located in the add_category.php file. The application fails to sanitize the GET parameter 'msg' before reflecting it in the response, allowing an authenticated attacker to execute arbitrary JavaScript in the victim's browser. |
|---|
| Source | ⚠️ https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/XSS-AddCategory-msg.md |
|---|
| User | 563742137abc (UID 95813) |
|---|
| Submission | 03/25/2026 02:31 (16 days ago) |
|---|
| Moderation | 04/08/2026 17:11 (15 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 354202 [SourceCodester Sales and Inventory System 1.0 Parameter add_category.php msg cross site scripting] |
|---|
| Points | 0 |
|---|