PT-2026-45390 · Sourcecodester · Pharmacy Sales/Inventory System

Timeflies

Published

2026-06-01

Updated

2026-06-01

CVE-2026-10244

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions SourceCodester Pharmacy Sales and Inventory System version 1.0

Description A cross-site scripting issue exists in the create medicine name() function located in the /ShowForm/create medicine name/main file. A remote attacker can trigger this by manipulating the medicine name argument. Cross-site scripting is a flaw that allows an attacker to inject malicious scripts into web pages viewed by other users.

Recommendations For version 1.0, avoid using the medicine name argument in the affected function until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2026-10244

Affected Products

Pharmacy Sales/Inventory System

PT-2026-45390 · Sourcecodester · Pharmacy Sales/Inventory System

CVE-2026-10244

Weakness Enumeration

Related Identifiers

Affected Products

References · 8