Reflected Cross-Site Scripting in SourceCodester Sales and Inventory System by SourceCodester
CVE-2026-30562

9.3 CRITICAL

Key Information:

Vendor
CVE Published: 30 March 2026

What is CVE-2026-30562?

A reflected Cross-Site Scripting (XSS) vulnerability is present in SourceCodester Sales and Inventory System version 1.0. The flaw is in the add_stock.php file, where the application does not adequately sanitize input supplied through the 'msg' parameter. As a result, an attacker can craft a malicious URL that injects arbitrary web script or HTML. Successful exploitation could lead to various attacks, including data theft, session hijacking, and potentially the compromise of user interactions with the application.

CVSS V3.1

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved