Cross-Site Scripting Vulnerability in SourceCodester Web-based Pharmacy Product Management System
CVE-2025-3822
4.8MEDIUM
What is CVE-2025-3822?
A vulnerability was discovered in the changepassword.php file of SourceCodester's Web-based Pharmacy Product Management System 1.0, which permits cross-site scripting (XSS) attacks. The manipulation of user inputs related to password changes (txtconfirm_password, txtnew_password, txtold_password) creates potential entry points for malicious scripts. This allows attackers to execute scripts in the context of users' browsers, potentially compromising sensitive data and web application integrity. Remote exploitation is feasible, highlighting the urgent need for patches and security audits to mitigate risks.
Affected Version(s)
Web-based Pharmacy Product Management System 1.0