PT-2025-48737 · Sourcecodester · Sourcecodester Web-Based Pharmacy Product Management System

Published

2025-12-02

Updated

2025-12-02

CVE-2025-65215

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Sourcecodester Web-based Pharmacy Product Management System version 1.0

Description The software is susceptible to Cross Site Scripting (XSS) attacks. The issue is located in the '/product expiry/add-supplier.php' file, specifically through the Supplier Name field. An attacker could potentially inject malicious scripts into the application via this field.

Recommendations Apply input validation and output encoding to the Supplier Name field in the '/product expiry/add-supplier.php' file.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2025-65215

Affected Products

Sourcecodester Web-Based Pharmacy Product Management System

PT-2025-48737 · Sourcecodester · Sourcecodester Web-Based Pharmacy Product Management System

CVE-2025-65215

Weakness Enumeration

Related Identifiers

Affected Products

References · 6