Reflected Cross-Site Scripting Vulnerability in SourceCodester Zoo Management System
CVE-2026-30526

6.1MEDIUM

Key Information:

Vendor: SourceCodester
Status: Zoo Management System
Vendor: CVE Published:; 1 April 2026

🔔 Create SourceCodester Vulnerability Alert

What is CVE-2026-30526?

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the login page of SourceCodester's Zoo Management System v1.0. This issue arises from the improper handling of the 'msg' parameter, which reflects user input back to the browser without adequate HTML encoding or sanitization. As a result, an attacker can craft a malicious URL that, when accessed, executes arbitrary scripts within the context of the user's session. This could lead to unauthorized data access and further compromise the security of the application.

References

https://github.com/meifukun/Web-Security-PoCs/blob/main/Z...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2026
Vulnerability Reserved
Mar 4, 2026

CVE-2026-30526 Data

JSON