PT-2026-45392 · Sourcecodester · Pharmacy Sales/Inventory System

Timeflies

Published

2026-06-01

Updated

2026-06-01

CVE-2026-10246

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions SourceCodester Pharmacy Sales and Inventory System version 1.0

Description Cross site scripting can be triggered remotely through the manipulation of the medicine presentation argument within the create medicine presentation() function located in the /ShowForm/create medicine presentation/main file.

Recommendations As a temporary workaround, restrict access to the create medicine presentation() function until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2026-10246

Affected Products

Pharmacy Sales/Inventory System

PT-2026-45392 · Sourcecodester · Pharmacy Sales/Inventory System

CVE-2026-10246

Weakness Enumeration

Related Identifiers

Affected Products

References · 8