PT-2025-17405 · Sourcecodester · Sourcecodester Web-Based Pharmacy Product Management System

Published 2025-04-20 · Updated 2025-04-30 · CVE-2025-3823

CVSS v3.1: 4.1 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

SourceCodester Web-based Pharmacy Product Management System version 1.0

Description

A vulnerability has been found in the SourceCodester Web-based Pharmacy Product Management System. The issue affects an unknown function of the file add-stock.php. The manipulation of the arguments txttotalcost, txtproductID, txtprice, and txtexpirydate leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations

As a temporary workaround, consider disabling the unknown function in the add-stock.php file until a patch is available. Restrict access to the add-stock.php file to minimize the risk of exploitation. Avoid using the arguments txttotalcost, txtproductID, txtprice, and txtexpirydate in the affected file until the issue is resolved. Apply patches to mitigate the risk as soon as they become available.
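
One way a fix for the four named arguments could look, as an added example that is not the vendor's code: strict allow-list validation on input plus HTML encoding on output. It assumes the values arrive as form fields and have the types their names suggest (integer product ID, decimal price and total cost, YYYY-MM-DD expiry date); the helper names `h` and `validate_stock_input` are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not SourceCodester code. Field names come from the advisory;
// the expected value formats and the helper names are assumptions.

function h(string $value): string
{
    // Encode for HTML text and quoted-attribute contexts.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Returns [accepted values keyed by field, list of rejected field names]. */
function validate_stock_input(array $input): array
{
    $rules = [ // \z instead of $ so a trailing newline is not accepted
        'txtproductID'  => '/^[0-9]{1,10}\z/',
        'txtprice'      => '/^[0-9]{1,9}(\.[0-9]{1,2})?\z/',
        'txttotalcost'  => '/^[0-9]{1,12}(\.[0-9]{1,2})?\z/',
        'txtexpirydate' => '/^[0-9]{4}-[0-9]{2}-[0-9]{2}\z/',
    ];
    $clean = [];
    $rejected = [];
    foreach ($rules as $field => $pattern) {
        $raw = $input[$field] ?? null;
        if (!is_string($raw) || preg_match($pattern, $raw) !== 1) {
            $rejected[] = $field; // missing, array-valued, or malformed
            continue;
        }
        $clean[$field] = $raw;
    }
    // The pattern alone accepts 2025-02-31; confirm it is a real calendar date.
    if (isset($clean['txtexpirydate'])) {
        [$y, $m, $d] = array_map('intval', explode('-', $clean['txtexpirydate']));
        if (!checkdate($m, $d, $y)) {
            unset($clean['txtexpirydate']);
            $rejected[] = 'txtexpirydate';
        }
    }
    return [$clean, $rejected];
}

// Constructed sample request: one field carries markup instead of a number.
$sample = ['txtproductID' => '17', 'txtprice' => '4.50',
           'txttotalcost' => '<b>45</b>', 'txtexpirydate' => '2026-01-31'];
[$clean, $rejected] = validate_stock_input($sample);
foreach ($clean as $field => $value) {
    echo h($field) . ' = ' . h($value) . PHP_EOL;
}
echo 'rejected: ' . h(implode(', ', $rejected)) . PHP_EOL;
```

Validation narrows what the script accepts, but the encoding step is what closes the cross-site scripting path: every place a request-derived value is written into HTML goes through `h()`, including values read back from storage.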

Exploit

Fix

XSS

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-3823

Affected Products

Sourcecodester Web-Based Pharmacy Product Management System