Sales And Inventory System
CVEs (31)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-3753 | Med | 0.41 | 6.3 | 0.00 | | Mar 8, 2026 | A vulnerability has been found in SourceCodester Sales and Inventory System up to 1.0. The impacted element is an unknown function of the file /add_sales_print.php. Such manipulation of the argument sid leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2026-30561 | Med | 0.40 | 6.1 | 0.00 | | Mar 30, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_purchase.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2026-30560 | Med | 0.40 | 6.1 | 0.00 | | Mar 30, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_supplier.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2026-30559 | Med | 0.40 | 6.1 | 0.00 | | Mar 30, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_sales.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2026-30558 | Med | 0.40 | 6.1 | 0.00 | | Mar 30, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_customer.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2026-30557 | Med | 0.40 | 6.1 | 0.00 | | Mar 30, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_category.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2026-30556 | Med | 0.40 | 6.1 | 0.00 | | Mar 30, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2026-30566 | Med | 0.40 | 6.1 | 0.00 | | Mar 30, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_customers.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2026-30565 | Med | 0.40 | 6.1 | 0.00 | | Mar 30, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_supplier.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2026-30564 | Med | 0.40 | 6.1 | 0.00 | | Mar 30, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_payments.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2026-30563 | Med | 0.40 | 6.1 | 0.00 | | Mar 30, 2026 | A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the update_details.php file. The application fails to sanitize the "website" parameter provided in a POST request. This allows authenticated attackers to inject arbitrary web script or HTML that is stored in the database and executed whenever the store details page is accessed. |
Page 2 of 2