CVE-2026-30562 - Vulnerability Analysis
Critical | CVSS: 9.3 | Last Updated: March 30, 2026
SourceCodester Sales and Inventory System - Reflected XSS
Published: March 30, 2026 | Updated: March 30, 2026 | Remote Exploitable
Overview
SourceCodester Sales and Inventory System 1.0 contains a reflected cross-site scripting (XSS) vulnerability caused by unsanitized input in the "msg" parameter of add_stock.php, which lets remote attackers inject arbitrary web scripts via a crafted URL.
Severity & Score
Severity: Critical
CVSS Score: 9.3
Impact
Remote attackers can execute arbitrary scripts in users' browsers, potentially stealing session data or performing actions on behalf of users.
Mitigation
Update to the latest version with proper input sanitization.
Details
- CVE ID: CVE-2026-30562
- Severity: Critical
- CVSS Score: 9.3
- Type: reflected_xss
- Status: new
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N