Reflected Cross-Site Scripting Vulnerability in SourceCodester Sales and Inventory System
CVE-2026-30556

6.1 MEDIUM

Key Information:

Vendor
CVE Published: 30 March 2026

What is CVE-2026-30556?

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0, in the 'msg' parameter of index.php. The application does not properly sanitize this user input before reflecting it in the response, which allows remote attackers to execute arbitrary web script or HTML in a victim's browser by crafting a malicious URL. The victim has to open the crafted URL for the script to run. The injected script can then perform unauthorized actions on behalf of that unsuspecting user, which makes this a significant security concern for deployments relying on this system.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
