CVE-2026-30562 · CRITICAL 9.3 · EPSS p23.6%

Description

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_stock.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL.

Scoring

CVSS 3.1: 9.3 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
EPSS: 0.32% probability of exploitation · percentile 23.6% · 2026-06-18T12:00:27Z
Published: 2026-03-30
Last modified: 2026-04-01

Underlying weaknesses · 1

CWE-79

References

  1. https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/XSS-AddStock-msg.md

Type: Weakness
Target: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (cwe-79)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-3754
  2. CVE-2026-3756
  3. CVE-2026-3755
  4. CVE-2026-4826
  5. CVE-2026-3790
  6. CVE-2026-11520

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.