Cross-Site Scripting Vulnerability in SourceCodester Inventory Management System
CVE-2026-13570

5.1MEDIUM

Key Information:

Vendor

Sourcecodester
Status
Inventory Management System
Vendor
CVE Published:
29 June 2026

What is CVE-2026-13570?

An identified flaw in the SourceCodester Inventory Management System's User Registration Endpoint allows attackers to exploit the system via a crafted input to the 'full_name' parameter. This vulnerability opens the door for cross-site scripting (XSS) attacks, which can be executed remotely, enabling unauthorized script execution within the context of user sessions. With the exploit publicly available, it is crucial for users to implement mitigations to safeguard their systems.

Affected Version(s)

Inventory Management System 1.0

References

https://vuldb.com/vuln/374578
vdb-entrytechnical-description
https://vuldb.com/vuln/374578/cti
signaturepermissions-required
https://vuldb.com/cve/CVE-2026-13570
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ayush8816 (VulDB User)
VulDB Vulnerability Moderation Team
.