LeakyCreds

CVE-2026-3766 - Vulnerability Analysis

Low (CVSS: 3.5)

Last Updated: March 9, 2026

SourceCodester Web-based Pharmacy Product Management System - Stored XSS

Published: March 8, 2026 | Updated: March 9, 2026 | PoC Available | Remote Exploitable

Overview

SourceCodester Web-based Pharmacy Product Management System 1.0 contains a stored XSS vulnerability caused by manipulation of the "fullname" argument in edit-profile.php. It lets remote attackers execute scripts; exploitation requires crafted input.

Severity & Score

Severity: Low
CVSS Score: 3.5

Impact

Remote attackers can execute arbitrary scripts, potentially leading to session hijacking or user impersonation.

Mitigation

Update to the latest version or apply patches that sanitize user input in edit-profile.php.
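
One way to apply this mitigation to a profile name field, as an added example that is not the project's code or its patch: the function names, the 100-character limit and the allowed character set are assumptions, and the sample inputs are constructed. Encoding at output is included because values stored before a fix is deployed remain in the database.

```php
<?php
// Added example: hypothetical helpers, not code from the affected project.
declare(strict_types=1);

/**
 * Validate a submitted full name before it is stored.
 * Returns the normalized name, or null when the input is rejected.
 * The allowed set (letters, marks, space, . ' -) and the limit are assumptions.
 */
function normalize_fullname(string $raw): ?string
{
    // The /u flag makes PCRE fail (null) on invalid UTF-8 instead of guessing.
    $collapsed = preg_replace('/\s+/u', ' ', $raw);
    if ($collapsed === null) {
        return null;
    }
    $name = trim($collapsed);
    // D: "$" matches only at the very end, so a trailing newline is not accepted.
    if (preg_match('/^[\p{L}\p{M} .\'\-]{1,100}$/Du', $name) !== 1) {
        return null;
    }
    return $name;
}

/**
 * Encode a stored value for an HTML text node or a quoted attribute.
 * Applied on every render, including rows written before validation existed.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs (not taken from the advisory).
$samples = [
    'Ada Lovelace',
    "Jean-Luc  O'Neil",
    'Ann "The Boss" <b>Lee</b>',
];

foreach ($samples as $raw) {
    $name = normalize_fullname($raw);
    echo ($name === null ? 'rejected' : 'accepted'), ': ', h($raw), PHP_EOL;
}

// A legacy row that predates validation is still rendered inert by h().
$legacyRow = ['fullname' => '<b>stored before the fix</b>'];
echo '<td>', h($legacyRow['fullname']), '</td>', PHP_EOL;
```

`h()` covers HTML text and quoted attribute contexts only; a name written into a JavaScript string or a URL needs the encoder for that context instead.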

Details

CVE ID: CVE-2026-3766
Severity: Low
CVSS Score: 3.5
Type: stored_xss
Status: confirmed

CWE

  • CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N