CVE-2026-30561 in Sales and Inventory System
摘要 (英语)
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_purchase.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
负责
MITRE
预定
2026-03-04
披露
2026-03-30
状态
已确认
条目
VulDB provides additional information and datapoints for this CVE:
| 标识符 | 漏洞 | CWE | 可利用 | 对策 | CVE |
|---|---|---|---|---|---|
| 354210 | SourceCodester Sales and Inventory System Parameter add_purchase.php 跨网站脚本 | 79 | 未定义 | 未定义 | CVE-2026-30561 |