PT-2026-45391 · Sourcecodester · Pharmacy Sales/Inventory System

Timeflies · Published 2026-06-01 · Updated 2026-06-01 · CVE-2026-10245

CVSS v2.0 · 4.0 · Medium

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SourceCodester Pharmacy Sales and Inventory System version 1.0

Description

A flaw in the create supplier() function within the /ShowForm/create supplier/main file allows for remote cross-site scripting. This occurs when the company name argument is manipulated, enabling an attacker to execute malicious scripts in the victim's browser.

Recommendations

Update SourceCodester Pharmacy Sales and Inventory System version 1.0 to a patched version. As a temporary workaround, restrict access to the create supplier() function until a fix is applied.

Exploit

Fix

XSS

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2026-10245

Affected Products

Pharmacy Sales/Inventory System