Home / Vulnerability Intelligence / CVE-2026-30569

CVE-2026-30569 - Vulnerability Analysis

MediumCVSS: 6.1

Last Updated: March 30, 2026

SourceCodester Inventory System - Reflected XSS

Published: March 27, 2026Updated: March 30, 2026PoC AvailableRemote Exploitable

Overview

SourceCodester Inventory System 1.0 contains a reflected XSS caused by unsanitized input in the "limit" parameter of view_stock_availability.php, letting remote attackers inject arbitrary web scripts via crafted URL.

Severity & Score

Severity: Medium

CVSS Score: 6.1

Impact

Remote attackers can execute arbitrary scripts in users' browsers, potentially stealing session data or performing actions on behalf of users.

Mitigation

Update to the latest version with proper input sanitization.

References

https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/XSS-ViewStockAvailability-limit.md

Related Resources

Details

CVE ID: CVE-2026-30569
Severity: Medium
CVSS Score: 6.1
Type: reflected_xss
Status: confirmed

CWE

CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N