Description
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 in the view_category.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
Published: 2026-03-27
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Reflected Cross‑Site Scripting
Action: Patch Immediately
AI Analysis

Impact

A reflected cross‑site scripting vulnerability is present in the view_category.php file of SourceCodester Inventory System 1.0. The application accepts a "limit" parameter from the URL without sanitizing or encoding its value, allowing attackers to inject arbitrary JavaScript or HTML. When a user follows a crafted link, the malicious code runs in the victim’s browser, potentially enabling session hijacking, credential theft, defacement, or phishing attacks. The impact is limited to the scope of the browser context but can compromise confidentiality and integrity of user data.

Affected Systems

The affected product is SourceCodester Inventory System version 1.0. No other vendors or product variants are listed in the known CNA data.

Risk and Exploitability

The CVSS score and EPSS values are not available, and the vulnerability is not listed in the CISA KEV catalog. Attackers can exploit this flaw remotely by directing a user to a URL containing a malicious "limit" value. Because the flaw is reflected, it does not require authentication or special privileges. Given the absence of mitigations on the server side, the likelihood of exploitation remains moderate to high in environments where end users regularly visit external links.

Generated by OpenCVE AI on March 27, 2026 at 18:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a patched version of SourceCodester Inventory System 1.0 that sanitizes the limit parameter
  • If a patch is unavailable, implement server‑side input validation to allow only numeric values for limit
  • Employ output encoding or use appropriate HTTP headers (Content‑Security‑Policy) to prevent execution of injected scripts
  • Deploy a web application firewall rule to block requests containing script tags or suspicious characters in the limit parameter

Generated by OpenCVE AI on March 27, 2026 at 18:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 30 Mar 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester inventory System
Vendors & Products Sourcecodester
Sourcecodester inventory System

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Reflected Cross‑Site Scripting via Limit Parameter in SourceCodester Inventory System 1.0
Weaknesses CWE-79

Fri, 27 Mar 2026 17:00:00 +0000

Type Values Removed Values Added
Description A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 in the view_category.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.
References

Subscriptions

Sourcecodester Inventory System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-30T14:36:46.309Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30571

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-27T17:16:28.710

Modified: 2026-03-30T13:26:29.793

Link: CVE-2026-30571

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-30T08:00:05Z

Weaknesses