CVE Catalog

CVE-2026-11518

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Summary

A vulnerability was identified in SourceCodester Inventory System 1.0. The issue affects an unknown function of the file /users.php of the User Management Page component, where manipulation of the argument fullname/username leads to cross-site scripting.

Risk Assessment

An attacker can remotely exploit this vulnerability, potentially leading to user data theft or session hijacking. The publicly available exploit increases the risk of attacks.

Recommendation

It is recommended to update the system to the latest version to eliminate this vulnerability. Additional security measures, such as input validation, should also be implemented.

Original NVD description (English source)

A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument fullname/username leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS