CVE-2026-10247

SourceCodester Pharmacy Sales and Inventory System main create_generic_name cross site scripting

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79 CWE-94

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects the function create_generic_name of the file /ShowForm/create_generic_name/main. The manipulation of the argument generic_name results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Affected products

SourceCodester · Pharmacy Sales and Inventory System

public PoCs found — 1

cve_referencegithub.com/timeflies123/cve/issues/5unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/timeflies123/cve/issues/5 https://vuldb.com/cve/CVE-2026-10247 https://vuldb.com/submit/823943 https://vuldb.com/vuln/367525 https://vuldb.com/vuln/367525/cti https://www.sourcecodester.com/