CVE-2026-7281
LOWSourceCodester Pharmacy Sales and Inventory System index.php supplier cross site scripting
Title source: cnaDescription
A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function supplier of the file /index.php?page=supplier. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
References (5)
Core 5
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-359939 | SourceCodester Pharmacy Sales and Inventory System index.php supplier cross site scripting
https://vuldb.com/vuln/359939
Signature, Permissions Required signature
permissions-required
VDB-359939 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/359939/cti
Third Party Advisory third-party-advisory
Submit #803017 | sourcecodester Pharmacy Sales and Inventory System V1.0 cross site scripting
https://vuldb.com/submit/803017
Exploit exploit
issue-tracking
https://github.com/CDipper/CVE-Test/issues/3
Product product
https://www.sourcecodester.com/
Scores
CVSS v3
2.4
EPSS
0.0021
EPSS Percentile
10.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
CWE-94
Status
published
Products (1)
SourceCodester/Pharmacy Sales and Inventory System
1.0
Published
Apr 28, 2026
Tracked Since
Apr 28, 2026