Cross-Site Scripting Vulnerability in SourceCodester Pharmacy Management System
CVE-2025-3826
4.8MEDIUM
What is CVE-2025-3826?
A critical flaw has been identified in the SourceCodester Web-based Pharmacy Product Management System version 1.0, specifically affecting the add-supplier.php file. This vulnerability arises from improper validation of user input in the parameters txtsupplier_name and txtaddress, allowing attackers to inject malicious scripts. When exploited, this can lead to unauthorized actions that compromise data integrity and user security. The attack can be initiated remotely, posing significant risks to the system's stability and confidentiality, necessitating immediate attention and remediation.
Affected Version(s)
Web-based Pharmacy Product Management System 1.0