CVE-2026-10246 - Vulnerability Details

- SourceCodester Pharmacy Sales and Inventory System main create_medicine_presentation cross site scripting

Description

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function create_medicine_presentation of the file /ShowForm/create_medicine_presentation/main. The manipulation of the argument medicine_presentation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Published: 2026-06-01

Score: 5.1 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability resides in the create_medicine_presentation function of the Pharmacy Sales and Inventory System. By manipulating the medicine_presentation parameter, an attacker can inject arbitrary JavaScript that will be reflected when the page is rendered. This flaw is an instance of Cross‑Site Scripting (CWE‑79) and is categorized as medium severity due to its potential to compromise user confidentiality, integrity and availability.

Affected Systems

The affected product is SourceCodester Pharmacy Sales and Inventory System version 1.0. The flaw was identified in that release of the create_medicine_presentation module and is listed in the CNA data as impacted.

Risk and Exploitability

The CVSS base score of 5.1 indicates moderate severity, while the EPSS score is not available, offering no additional data on exploit likelihood. The issue can be triggered remotely by sending a crafted request to the application’s create_medicine_presentation endpoint. Because the code executes user‑supplied input without proper encoding, attackers can inject persistent or reflected XSS payloads. The vulnerability is not listed in CISA’s KEV catalog, implying no known active exploits at this time, but the possibility of remote exploitation remains.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

SourceCodester

Pharmacy Sales and Inventory System

affected

Version	Status	Constraints
`1.0`	affected	—

No data.

Vendor Product Confidence Versions

Sourcecodester

Pharmacy Sales And Inventory System

95%

Version	Status	Scheme	Platform
`1.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply any vendor‑published patch or upgrade the system when a fix is released.
Sanitize or escape the medicine_presentation input before storing or rendering it to prevent execution of injected scripts.
Deploy a Web Application Firewall or enforce security headers such as Content‑Security‑Policy to mitigate XSS impact.

Generated by OpenCVE AI on June 1, 2026 at 12:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00034.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/timeflies123/cve/issues/4
https://vuldb.com/cve/CVE-2026-10246
https://vuldb.com/submit/823941
https://vuldb.com/vuln/367524
https://vuldb.com/vuln/367524/cti
https://www.sourcecodester.com/

History

Mon, 01 Jun 2026 11:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function create_medicine_presentation of the file /ShowForm/create_medicine_presentation/main. The manipulation of the argument medicine_presentation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Title		SourceCodester Pharmacy Sales and Inventory System main create_medicine_presentation cross site scripting
First Time appeared		Sourcecodester Sourcecodester pharmacy Sales And Inventory System
Weaknesses		CWE-79 CWE-94
CPEs		cpe:2.3:a:sourcecodester:pharmacy_sales_and_inventory_system::::::::
Vendors & Products		Sourcecodester Sourcecodester pharmacy Sales And Inventory System
References		https://github.com/timeflies123/cve/issues/4 https://vuldb.com/cve/CVE-2026-10246 https://vuldb.com/submit/823941 https://vuldb.com/vuln/367524 https://vuldb.com/vuln/367524/cti https://www.sourcecodester.com/
Metrics		cvssV2_0 `{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Sourcecodester Pharmacy Sales And Inventory System

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-06-01T09:45:07.021Z

Updated: 2026-06-01T09:45:07.021Z

Reserved: 2026-05-31T10:15:15.255Z

Link: CVE-2026-10246

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2026-06-01T11:16:23.773

Modified: 2026-06-01T13:14:43.470

Link: CVE-2026-10246

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T12:30:28Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object