CVE Catalog

CVE-2026-13570

Low · CVSS 3.5

Summary

A cross-site scripting vulnerability was found in SourceCodester Inventory Management System 1.0 in the file /api/users_handler.php. Manipulating the full_name argument of the user registration endpoint lets a remote attacker inject script into the application. The exploit is publicly available.

Risk Assessment

An attacker can inject malicious scripts, leading to session hijacking, redirects, or theft of user credentials within the system.

Recommendation

Immediately update the system to the latest version or apply input filtering for the full_name parameter in /api/users_handler.php.

Original NVD description (English source)

A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/users_handler.php of the component User Registration Endpoint. Performing a manipulation of the argument full_name results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS