CVE-2026-11518

MEDIUM NVD

CVSS Score 4.3

Severity MEDIUM

Published Jun 08, 2026

Vendor unknown

Description

A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument fullname/username leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

References

https://github.com/Xmyronn/Stored-XSS-in-Inventory-System-using-PHP-and-MySQL.git
https://vuldb.com/cve/CVE-2026-11518
https://vuldb.com/submit/836289
https://vuldb.com/vuln/369138
https://vuldb.com/vuln/369138/cti