CVE-2026-9413

Description

A vulnerability was identified in SourceCodester Indian Invoicing System 1.0. The affected element is an unknown function of the file /Invoicing/category.php. The manipulation of the argument msg leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.

References

• https://gist.github.com/c4ttr4ck/cb6a07bc54600a14de2676d8b96c3026
• https://vuldb.com/submit/813609
• https://vuldb.com/vuln/365394
• https://vuldb.com/vuln/365394/cti
• https://www.sourcecodester.com/