Zero Day MonitorZDM

← Back to list

6.1

CVE-2026-30563EXPLOITED

n/a · n/a

CVE-2026-30563: A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerabi

Description

A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the update_details.php file. The application fails to sanitize the "website" parameter provided in a POST request. This allows authenticated attackers to inject arbitrary web script or HTML that is stored in the database and executed whenever the store details page is accessed.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

References

https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/XSS-UpdateDetails-website.md

Related News (1 articles)

Tier C

VulDB7h ago

CVE-2026-30563 | SourceCodester Sales and Inventory System 1.0 POST Request update_details.php Website cross site scripting

→ No new info (linked only)

CVSS 3.16.1 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited✅ Yes

PublishedMar 30, 2026

Last enriched6h agov2

Trending Score49

Source articles1

Independent1

Info Completeness6/14

Missing: cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-30562EXP

CVE-2026-30562: A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulner

MEDIUMCVE-2026-29909EXP

CVE-2026-29909: MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/f

CRITICALCVE-2026-29925EXP

CVE-2026-29925: Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php.

HIGHCVE-2026-29954EXP

CVE-2026-29954: In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing th

HIGHCVE-2026-29953EXP

CVE-2026-29953: SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Mar 30, 2026

Discovered by ZDM

Mar 30, 2026

Updated: affectedVersions, severity, activelyExploited

Mar 30, 2026

Actively Exploited

Mar 30, 2026

Version History

v2

Last enriched 6h ago

v2Tier C6h ago

Updated vendor and product information, set severity to HIGH, and marked the vulnerability as actively exploited.

affectedVersionsseverityactivelyExploited

via VulDB

v17h ago

Initial creation