Submit #831944: SourceCodester Web-based Pharmacy Product Management System using PHP and MySQL Database 1.0 Cross Site Scripting

Title: SourceCodester Web-based Pharmacy Product Management System using PHP and MySQL Database 1.0 Cross Site Scripting
Description:

# Exploit Title: Web-based Pharmacy Product Management System - Stored XSS
# Exploit Author: Pratik Shetty
# Vendor Name: Senior Walter
# Vendor Homepage: https://www.sourcecodester.com/php/17883/web-based-product-alert-system.html
# Software Link: https://www.sourcecodester.com/php/17883/web-based-product-alert-system.html
# Version: v1.0
# Tested on: Windows 11, Apache

Description:-
A Stored Cross-Site Scripting (XSS) vulnerability in Web-based Pharmacy Product Management System allows injection of arbitrary JavaScript when adding a new supplier on the "Supplier Management" page.

Payload used:-
<script>alert('XSS')</script>

Parameter:-
Supplier Name: <script>alert('XSS')</script>
Address: <script>alert('XSS')</script>

Steps to reproduce:-
1. Log in to your admin account.
2. Now go to http://localhost/product_expiry/add-supplier.php and add a new supplier.
3. In the "Supplier Name" and "Address" parameters, put the payload: <script>alert('XSS')</script>
4. As you can see, our payload has been executed.

Source: https://github.com/draco1725/POC/blob/main/Exploit/Web-based%20Pharmacy%20Product%20Management%20System/Stored%20XSS
User: draco (UID 24011)
Submission: 05/17/2026 13:44 (24 days ago)
Moderation: 06/04/2026 17:38 (18 days later)
Status: Duplicate
VulDB entry: 305733 [SourceCodester Web-based Pharmacy Product Management System 1.0 add-supplier.php txtsupplier_name/txtaddress cross site scripting]
Points: 0
