Reflected Cross-Site Scripting Vulnerability in SourceCodester Sales and Inventory System
CVE-2026-30557
6.1 MEDIUM
What is CVE-2026-30557?
A reflected cross-site scripting (XSS) vulnerability has been identified in SourceCodester Sales and Inventory System version 1.0. The issue arises from improper input sanitization in the add_category.php file, specifically of the 'msg' parameter. An attacker can craft a URL whose 'msg' value injects arbitrary web script or HTML into the page the application returns. Users who open such a URL may be subjected to various attacks, potentially leading to data theft or unauthorized actions within their session.
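
A detection check for the issue described above, added here as an example and not part of the original advisory or the SourceCodester code: it scans web-server access logs for requests to add_category.php whose 'msg' value decodes to HTML markup characters, including double-encoded values. The log lines, IP addresses, log layout and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (common log layout); not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2026:10:00:00 +0000] "GET /add_category.php?msg=Category+added HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2026:10:01:00 +0000] "GET /add_category.php?msg=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 540',
    '203.0.113.9 - - [01/Jan/2026:10:02:00 +0000] "GET /add_category.php?msg=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 530',
    '203.0.113.7 - - [01/Jan/2026:10:03:00 +0000] "GET /products.php?msg=%3Cb%3E HTTP/1.1" 200 300',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters that only matter if the page echoes msg without HTML encoding.
# Quotes are included for attribute contexts; expect some benign hits on them.
MARKUP_RE = re.compile(r'[<>"\']')

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_msg_requests(lines, page="add_category.php", param="msg"):
    """Return (client_ip, decoded_value) for requests whose msg carries markup."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/" + page):
            continue
        # parse_qs already decodes once; decode_fully handles extra layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get(param, []):
            value = decode_fully(raw)
            if MARKUP_RE.search(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_msg_requests(SAMPLE_LOG):
        print(ip, repr(value))
```

A hit shows that markup was sent in 'msg', not that it ran in a browser; the server-side fix is to HTML-encode the value before echoing it.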
