CVE-2025-3826

Name of the Vulnerable Software and Affected Versions SourceCodester Web-based Pharmacy Product Management System version 1.0

Description A problematic vulnerability was found in the SourceCodester Web-based Pharmacy Product Management System. This issue affects an unknown part of the file add-supplier.php. The manipulation of the arguments txtsupplier name and txtaddress leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For version 1.0, consider disabling the add-supplier.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the arguments txtsupplier name and txtaddress in the affected file to minimize the risk of exploitation.