CVE-2026-10245
Deferred Deferred - Pending Action
Cross-Site Scripting in Pharmacy Sales and Inventory System

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulDB

Description
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is the function create_supplier of the file /ShowForm/create_supplier/main. Executing a manipulation of the argument company_name can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-21
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-10245
EUVD
EUVD-2026-33618
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sourcecodester pharmacy_sales_and_inventory_system 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how this cross site scripting vulnerability in SourceCodester Pharmacy Sales and Inventory System 1.0 impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability is a cross site scripting (XSS) flaw found in the SourceCodester Pharmacy Sales and Inventory System version 1.0. It exists in the create_supplier function located in the /ShowForm/create_supplier/main file. An attacker can manipulate the company_name argument to inject malicious scripts.

The attack can be launched remotely, meaning an attacker does not need local access to exploit this vulnerability. The exploit has already been published and may be used by attackers.

Impact Analysis

This cross site scripting vulnerability can allow attackers to execute malicious scripts in the context of the affected web application. This can lead to unauthorized actions such as stealing user session cookies, defacing the website, or redirecting users to malicious sites.

Since the attack can be performed remotely, it increases the risk of exploitation without requiring physical or internal network access.

Detection Guidance

This vulnerability is a cross site scripting (XSS) flaw in the create_supplier function of the file /ShowForm/create_supplier/main in SourceCodester Pharmacy Sales and Inventory System 1.0. Detection involves identifying if the company_name parameter is vulnerable to script injection.

To detect this vulnerability, you can attempt to inject typical XSS payloads into the company_name parameter and observe if the input is reflected unsanitized in the response.

  • Use curl or similar tools to send a request with a script payload, for example: curl -G --data-urlencode "company_name=<script>alert(1)</script>" http://target/ShowForm/create_supplier/main
  • Use a web proxy or browser developer tools to inspect the response for unescaped script tags or JavaScript execution.
  • Automated scanners or tools like OWASP ZAP or Burp Suite can be used to test for reflected XSS on the affected endpoint.
Mitigation Strategies

Immediate mitigation steps include sanitizing and validating the input received in the company_name parameter to prevent injection of malicious scripts.

Implement proper output encoding on the server side to ensure that any user-supplied data is safely rendered in the HTML context.

If possible, apply patches or updates provided by the vendor or community addressing this vulnerability.

As a temporary measure, consider blocking or filtering suspicious input patterns at the web application firewall or network level.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10245. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart