CVE-2026-3766

LOW

SourceCodester Pharmacy System 1.0 - XSS

Title source: llm
STIX 2.1

Description

A security flaw has been discovered in SourceCodester Web-based Pharmacy Product Management System 1.0. This impacts an unknown function of the file edit-profile.php. Performing a manipulation of the argument fullname results in cross site scripting. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

References (5)

Core 5
Core References
Permissions Required, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.349744
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.349744
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.768251
Various Sources product
https://www.sourcecodester.com/

Scores

CVSS v3 3.5
EPSS 0.0004
EPSS Percentile 13.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79 CWE-94
Status published
Products (1)
senior-walter/web-based_pharmacy_product_management_system 1.0
Published Mar 08, 2026
Tracked Since Mar 09, 2026