CVE-2026-7269

SourceCodester Pharmacy Sales and Inventory System index.php cross site scripting

CVSS 4.8 MEDIUMEPSS 0.2%CWE-79 CWE-94

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /index.php?page=product. Performing a manipulation of the argument ID results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Affected products

SourceCodester · Pharmacy Sales and Inventory System

public PoCs found — 1

cve_referencegithub.com/zulu225588/zulu-loudong/issues/3unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/zulu225588/zulu-loudong/issues/3 https://vuldb.com/submit/802757 https://vuldb.com/submit/802758 https://vuldb.com/vuln/359920 https://vuldb.com/vuln/359920/cti https://www.sourcecodester.com/