CVE-2026-30570 - Vulnerability Analysis
MediumCVSS: 6.1Last Updated: March 30, 2026
SourceCodester Inventory System - Reflected XSS
Published: March 27, 2026Updated: March 30, 2026PoC AvailableRemote Exploitable
Overview
SourceCodester Inventory System 1.0 contains a reflected XSS caused by unsanitized "limit" parameter in view_sales.php, letting remote attackers inject arbitrary web scripts via crafted URL, exploit requires no special privileges.
Severity & Score
Severity: Medium
CVSS Score: 6.1
Impact
Remote attackers can execute arbitrary scripts in users' browsers, potentially stealing session data or performing actions on behalf of users.
Mitigation
Update to the latest version with proper input sanitization or apply patches to sanitize the "limit" parameter.
References
Related Resources
Details
- CVE ID
- CVE-2026-30570
- Severity
- Medium
- CVSS Score
- 6.1
- Type
- reflected_xss
- Status
- confirmed
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N