Sales And Inventory System
CVEs (36)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-3753 | Med | 0.41 | 6.3 | 0.00 | Mar 8, 2026 | A vulnerability has been found in SourceCodester Sales and Inventory System up to 1.0. The impacted element is an unknown function of the file /add_sales_print.php. Such manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The… | ||
| CVE-2026-30561 | Med | 0.40 | 6.1 | 0.00 | Mar 30, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_purchase.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject… | ||
| CVE-2026-30560 | Med | 0.40 | 6.1 | 0.00 | Mar 30, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_supplier.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject… | ||
| CVE-2026-30559 | Med | 0.40 | 6.1 | 0.00 | Mar 30, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_sales.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject… | ||
| CVE-2026-30558 | Med | 0.40 | 6.1 | 0.00 | Mar 30, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_customer.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject… | ||
| CVE-2026-30557 | Med | 0.40 | 6.1 | 0.00 | Mar 30, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_category.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject… | ||
| CVE-2026-30556 | Med | 0.40 | 6.1 | 0.00 | Mar 30, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary… | ||
| CVE-2026-30566 | Med | 0.40 | 6.1 | 0.00 | Mar 30, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_customers.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject… | ||
| CVE-2026-30565 | Med | 0.40 | 6.1 | 0.00 | Mar 30, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_supplier.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject… | ||
| CVE-2026-30564 | Med | 0.40 | 6.1 | 0.00 | Mar 30, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_payments.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject… | ||
| CVE-2026-30563 | Med | 0.40 | 6.1 | 0.00 | Mar 30, 2026 | A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the update_details.php file. The application fails to sanitize the "website" parameter provided in a POST request. This allows authenticated… | ||
| CVE-2026-30567 | Med | 0.40 | 6.1 | 0.00 | Mar 27, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_product.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via… | ||
| CVE-2026-30571 | Med | 0.40 | 6.1 | 0.00 | Mar 27, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_category.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via… | ||
| CVE-2026-30570 | Med | 0.40 | 6.1 | 0.00 | Mar 27, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_sales.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a… | ||
| CVE-2026-30569 | Med | 0.40 | 6.1 | 0.00 | Mar 27, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_stock_availability.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to… | ||
| CVE-2021-25202 | 0.00 | — | 0.02 | Jul 22, 2021 | SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to \ahira\admin\inventory.php. |
- risk 0.41cvss 6.3epss 0.00
A vulnerability has been found in SourceCodester Sales and Inventory System up to 1.0. The impacted element is an unknown function of the file /add_sales_print.php. Such manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The…
- risk 0.40cvss 6.1epss 0.00
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_purchase.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject…
- risk 0.40cvss 6.1epss 0.00
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_supplier.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject…
- risk 0.40cvss 6.1epss 0.00
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_sales.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject…
- risk 0.40cvss 6.1epss 0.00
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_customer.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject…
- risk 0.40cvss 6.1epss 0.00
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_category.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject…
- risk 0.40cvss 6.1epss 0.00
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary…
- risk 0.40cvss 6.1epss 0.00
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_customers.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject…
- risk 0.40cvss 6.1epss 0.00
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_supplier.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject…
- risk 0.40cvss 6.1epss 0.00
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_payments.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject…
- risk 0.40cvss 6.1epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the update_details.php file. The application fails to sanitize the "website" parameter provided in a POST request. This allows authenticated…
- risk 0.40cvss 6.1epss 0.00
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_product.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via…
- risk 0.40cvss 6.1epss 0.00
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_category.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via…
- risk 0.40cvss 6.1epss 0.00
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_sales.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a…
- risk 0.40cvss 6.1epss 0.00
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_stock_availability.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to…
- CVE-2021-25202Jul 22, 2021risk 0.00cvss —epss 0.02
SQL injection vulnerability in SourceCodester Sales and Inventory System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to \ahira\admin\inventory.php.
Page 2 of 2