CVE-2026-30556 in SourceCodester Sales and Inventory System
摘要 (英语)
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
负责
MITRE
预定
2026-03-04
披露
2026-03-30
条目
| 标识符 | 漏洞 | CWE | 基础 | 临时 | 0day | 今天 | 可利用 | KEV | EPSS | CTI | 对策 | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 354203 | SourceCodester Sales and Inventory System Parameter index.php 跨网站脚本 | 79 | 4.3 | 4.2 | $0-$5k | $0-$5k | 未定义 | 0.00000 | 1.75 | 未定义 | CVE-2026-30556 |