Reflected Cross-Site Scripting in SourceCodester Sales and Inventory System
CVE-2026-30558

6.1 MEDIUM

Key Information:

Vendor
CVE Published: 30 March 2026

What is CVE-2026-30558?

A reflected cross-site scripting vulnerability exists in SourceCodester Sales and Inventory System version 1.0. The flaw is in the add_customer.php file, where the application does not adequately sanitize input received through the 'msg' parameter. As a result, remote attackers can inject arbitrary web script or HTML via specially crafted URLs, potentially compromising the integrity of the web application and exposing sensitive user data.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
