PT-2026-23977 · Sourcecodester · Sourcecodester Web-Based Pharmacy Product Management System

Denil Xavier · Published 2026-03-08 · Updated 2026-03-08 · CVE-2026-3766

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SourceCodester Web-based Pharmacy Product Management System version 1.0

Description

A security flaw exists in SourceCodester Web-based Pharmacy Product Management System 1.0. The issue impacts an unknown function within the edit-profile.php file. Manipulating the fullname argument can lead to cross-site scripting. The attack can be initiated remotely, and the exploit has been publicly released.

Recommendations

Apply any available updates or patches for version 1.0. As a temporary workaround, consider sanitizing the fullname input to prevent script injection. Restrict access to the edit-profile.php file if possible.

Exploit

Fix

XSS

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2026-3766

Affected Products

Sourcecodester Web-Based Pharmacy Product Management System