2026-04-29 15:45 | CVE-2026-7390 | VulDB
PUBLISHED | CVE record format 5.2 | CWE-79 | CWE-94 | x_freeware

SourceCodester Pharmacy Sales and Inventory System index.php customer cross site scripting

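A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is the function Customer, reached through /index.php?page=customer. Manipulating the argument Name results in cross-site scripting. The attack may be launched remotely; per the record's CVSS 3.1 vector (PR:L/UI:R/C:N/I:L/A:N) it requires a low-privileged account and interaction by the victim, with impact limited to integrity (base score 3.5, LOW). The exploit is now public and may be used. The record lists version 1.0 as affected and names no fixed version, so deployments should ensure the Name value is validated on input and HTML-encoded wherever it is rendered.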

Problem type

CWE-79 (Cross Site Scripting), CWE-94 (Code Injection)

Affected products

SourceCodester

Pharmacy Sales and Inventory System

1.0 - AFFECTED

References

GitHub Security Advisories

GHSA-xp67-g9p3-282p

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The...

https://github.com/advisories/GHSA-xp67-g9p3-282p

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-7390
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-7390",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-04-29T15:45:11.636Z",
    "dateReserved": "2026-04-29T09:37:15.508Z",
    "datePublished": "2026-04-29T15:45:11.636Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-04-29T15:45:11.636Z"
      },
      "title": "SourceCodester Pharmacy Sales and Inventory System index.php customer cross site scripting",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used."
        }
      ],
      "affected": [
        {
          "vendor": "SourceCodester",
          "product": "Pharmacy Sales and Inventory System",
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Cross Site Scripting",
              "cweId": "CWE-79",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Code Injection",
              "cweId": "CWE-94",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/vuln/360115",
          "name": "VDB-360115 | SourceCodester Pharmacy Sales and Inventory System index.php customer cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/vuln/360115/cti",
          "name": "VDB-360115 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/submit/803105",
          "name": "Submit #803105 | SourceCodester Pharmacy Sales and Inventory System V1.0 cross site scripting",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/microwaveabi/vul/issues/4",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://www.sourcecodester.com/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "baseScore": 3.5,
            "baseSeverity": "LOW"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "baseScore": 3.5,
            "baseSeverity": "LOW"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "baseScore": 4
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-04-29T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-04-29T02:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-04-29T11:42:28.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "microwave (VulDB User)",
          "type": "reporter"
        }
      ],
      "tags": [
        "x_freeware"
      ]
    }
  }
}