Description
A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Multiple parameters might be affected.
Published: 2026-06-08
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A weakness in the file header.php of SourceCodester Inventory System 1.0 allows an attacker to inject malicious scripts into web pages, enabling cross‑site scripting. The description indicates that the flaw can be triggered remotely and that the exploit has been made publicly available. The vulnerability does not present a denial‑of‑service or code execution impact, but it can allow attackers to hijack user sessions or steal sensitive information through the impacted pages.

Affected Systems

SourceCodester Inventory System version 1.0 is the affected product. No other versions or vendors are listed as impacted.

Risk and Exploitability

The CVSS score of 5.1 places the vulnerability in the moderate severity range. The EPSS score is currently not available, so the likelihood of exploitation cannot be fully quantified, and it is not listed in the CISA KEV catalog. The attack vector is inferred to be remote, relying on manipulation of one or more unsanitized parameters in header.php. If the exploit is successfully delivered, the attacker could execute arbitrary JavaScript in the context of a victim’s browser.

Generated by OpenCVE AI on June 8, 2026 at 15:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest released version of SourceCodester Inventory System, ensuring the patch for header.php is applied
  • If a newer version is unavailable, restrict the use of the vulnerable functionality or remove the affected code from header.php
  • Sanitize and validate all input parameters that are reflected in the page output, and encode output as HTML to prevent script injection during rendering


Advisories

No advisories yet.

History

Tue, 09 Jun 2026 15:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 08 Jun 2026 14:30:00 +0000

Type | Values Removed | Values Added
Description | | A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Multiple parameters might be affected.
Title | | SourceCodester Inventory System header.php cross site scripting
First Time appeared | | Sourcecodester; Sourcecodester inventory System
Weaknesses | | CWE-79; CWE-94
CPEs | | cpe:2.3:a:sourcecodester:inventory_system:*:*:*:*:*:*:*:*
Vendors & Products | | Sourcecodester; Sourcecodester inventory System
References | |
Metrics | | cvssV2_0 {'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}
Metrics | | cvssV3_0 {'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
Metrics | | cvssV3_1 {'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
Metrics | | cvssV4_0 {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-09T14:36:08.852Z

Reserved: 2026-06-07T16:01:24.873Z

Link: CVE-2026-11520

Vulnrichment

Updated: 2026-06-09T14:22:02.875Z

NVD

Status: Deferred

Published: 2026-06-08T15:16:43.817

Modified: 2026-06-09T01:34:33.987

Link: CVE-2026-11520

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T15:30:27Z

Weaknesses