Ahsanriaz26Gmailcom Sales And Inventory System vulnerabilities

31 known vulnerabilities affecting ahsanriaz26gmailcom/sales_and_inventory_system.

Total CVEs: 31
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 30

Vulnerabilities

Page 1 of 2
CVE-2026-30562 CRITICAL CVSS 9.3 v1.0 2026-03-30
CWE-79: A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_stock.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2026-30560 MEDIUM CVSS 6.1 v1.0 2026-03-30
CWE-79: A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_supplier.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2026-30558 MEDIUM CVSS 6.1 v1.0 2026-03-30
CWE-79: A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_customer.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2026-30561 MEDIUM CVSS 6.1 v1.0 2026-03-30
CWE-79: A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_purchase.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2026-30565 MEDIUM CVSS 6.1 v1.0 2026-03-30
CWE-79: A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_supplier.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2026-30566 MEDIUM CVSS 6.1 v1.0 2026-03-30
CWE-79: A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_customers.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2026-30564 MEDIUM CVSS 6.1 v1.0 2026-03-30
CWE-79: A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_payments.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2026-30563 MEDIUM CVSS 6.1 v1.0 2026-03-30
CWE-79: A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the update_details.php file. The application fails to sanitize the "website" parameter provided in a POST request. This allows authenticated attackers to inject arbitrary web script or HTML that is stored in the d
nvd
CVE-2026-30556 MEDIUM CVSS 6.1 v1.0 2026-03-30
CWE-79: A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2026-30559 MEDIUM CVSS 6.1 v1.0 2026-03-30
CWE-79: A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_sales.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2026-30557 MEDIUM CVSS 6.1 v1.0 2026-03-30
CWE-79: A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_category.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
nvd
CVE-2026-4826 MEDIUM CVSS 5.3 v1.0 2026-03-26
CWE-74: A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update_stock.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes SQL injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be u
nvd
CVE-2026-4825 MEDIUM CVSS 5.3 v1.0 2026-03-25
CWE-74: A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /update_sales.php of the component HTTP GET Parameter Handler. The manipulation of the argument sid results in SQL injection. The attack may be launched remotely. The exploit has been made public and could be used.
nvd
CVE-2026-4780 MEDIUM CVSS 5.3 v1.0 2026-03-25
CWE-74: A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file update_out_standing.php of the component HTTP GET Parameter Handler. Performing a manipulation of the argument sid results in SQL injection. The attack is possible to be carried out remotely. The exploit is now public and may be us
nvd
CVE-2026-4781 MEDIUM CVSS 5.3 v1.0 2026-03-25
CWE-74: A flaw has been found in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file update_purchase.php of the component HTTP GET Parameter Handler. Executing a manipulation of the argument sid can lead to SQL injection. The attack may be performed from remote. The exploit has been published and may be used.
nvd
CVE-2026-4777 MEDIUM CVSS 5.3 v1.0 2026-03-24
CWE-74: A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view_supplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in SQL injection. The attack may be launched remotely. The exploit has been released to the public and may be used fo
nvd
CVE-2026-4779 MEDIUM CVSS 5.3 v1.0 2026-03-24
CWE-74: A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file update_customer_details.php of the component HTTP GET Parameter Handler. Such manipulation of the argument sid leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed pub
nvd
CVE-2026-4778 MEDIUM CVSS 5.3 v1.0 2026-03-24
CWE-74: A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file update_category.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes SQL injection. Remote exploitation of the attack is possible. The exploit has been made available to the public
nvd
CVE-2026-4569 MEDIUM CVSS 5.3 v1.0 2026-03-23
CWE-74: A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /view_category.php of the component HTTP POST Request Handler. This manipulation of the argument searchtxt causes SQL injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be u
nvd
CVE-2026-4570 MEDIUM CVSS 5.3 v1.0 2026-03-23
CWE-74: A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /view_customers.php of the component HTTP POST Request Handler. Such manipulation of the argument searchtxt leads to SQL injection. The attack can be executed remotely. The exploit is publicly available and might be used.
nvd