CVE-2026-30563

Description

A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the update_details.php file. The application fails to sanitize the "website" parameter provided in a POST request. This allows authenticated attackers to inject arbitrary web script or HTML that is stored in the database and executed whenever the store details page is accessed.

References

• https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/XSS-UpdateDetails-website.md