Description
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0. The vulnerability is located in the view_stock_availability.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
Published: 2026-03-27
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑site scripting via unsanitized limit parameter
Action: Patch if available
AI Analysis

Impact

A reflected cross‑site scripting flaw exists in the view_stock_availability.php component of the inventory management application. An attacker can supply a specially crafted limit value in the request URL, causing the application to echo the value back to the browser without any encoding or validation. The injected payload can execute arbitrary JavaScript in the context of any user who visits the URL, potentially stealing session cookies, defacing the site, or facilitating further attacks against authenticated users.

Affected Systems

The vulnerability affects SourceCodester Inventory System version 1.0. No other vendors or products are listed as impacted.

Risk and Exploitability

The fault relies solely on external input and requires no authentication, making it reachable over the public network. The CVSS score is not provided in the data, and no EPSS indication is available, so the exact probability of exploitation remains unclear. Because the attack vector is remote and the impact involves client‑side code execution, organizations should treat this flaw as high risk unless mitigated by a patch or a proper input‑sanitization measure. The vulnerability is not recorded in the CISA KEV list, so there is no record of exploitation in the wild yet.

Generated by OpenCVE AI on March 27, 2026 at 18:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for an official patch or update for SourceCodester Inventory System 1.0

Advisories

No advisories yet.

History

Mon, 30 Mar 2026 08:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Sourcecodester; Sourcecodester inventory System |
| Vendors & Products | | Sourcecodester; Sourcecodester inventory System |

Fri, 27 Mar 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Reflected XSS via limit Parameter in Inventory System |
| Weaknesses | | CWE-79 |

Fri, 27 Mar 2026 17:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0. The vulnerability is located in the view_stock_availability.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| References | | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-30T14:34:01.869Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30569

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-03-27T17:16:28.483

Modified: 2026-03-30T13:26:29.793

Link: CVE-2026-30569

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T08:00:07Z

Weaknesses