CVE-2026-30556
Essential information
- Published
- 30/03/2026 16:16
- Modified
- 31/03/2026 18:16
- Author
- —
- Creator
- —
- CVSS
- 6.1 MEDIUM (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Privileges required
- NONE
- User interaction
- REQUIRED
- Scope
- CHANGED
- Confidentiality impact
- LOW
- Integrity impact
- LOW
- Availability impact
- NONE
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
NVD status
- Status
- Received — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| sourcecodester / sales and inventory system | cpe:2.3:a:sourcecodester:sales_and_inventory_system:1.0:*:*:*:*:*:*:* |