Platform
php
Component
sales-and-inventory-system
Fixed in
1.0.1
CVE-2026-5810 describes a cross-site scripting (XSS) vulnerability discovered in SourceCodester Sales and Inventory System, specifically impacting versions 1.0.0 through 1.0. This flaw resides within the /delete.php file, allowing attackers to inject malicious scripts via manipulation of the ID parameter. Successful exploitation could lead to session hijacking, data theft, or website defacement. A patch is expected to resolve this issue.
The XSS vulnerability in Sales and Inventory System allows an attacker to inject arbitrary JavaScript code into the application's web pages. This can lead to various malicious outcomes, including session hijacking, defacement of the website, and redirection of users to phishing sites. An attacker could potentially steal sensitive user data, such as login credentials or financial information. Given the public availability of an exploit, the risk of exploitation is elevated, particularly for systems that haven't been patched. The impact extends to all users interacting with the vulnerable Sales and Inventory System, as any user visiting a page containing the injected script could be affected.
CVE-2026-5810 has a LOW CVSS score, but the availability of a public proof-of-concept significantly increases the risk of exploitation. The vulnerability is relatively straightforward to exploit, requiring only manipulation of the ID parameter. No KEV listing or active exploitation campaigns have been publicly reported as of the publication date, but the public exploit makes it a high-priority target for opportunistic attackers. The vulnerability was publicly disclosed on 2026-04-08.
Organizations utilizing SourceCodester Sales and Inventory System, particularly those with limited security resources or outdated configurations, are at increased risk. Shared hosting environments where multiple users share the same server instance are also vulnerable, as a compromise of one user's account could potentially impact others.
• php / web:
curl -s -X POST 'http://your-sales-inventory-system/delete.php?id=<script>alert("XSS")</script>' | grep -i alert
• generic web:
curl -s 'http://your-sales-inventory-system/delete.php?id=<script>alert("XSS")</script>' | grep -i alert
• generic web:
grep -i 'alert("XSS")' /var/log/apache2/access.log
Disclosure
Exploit status
EPSS
0.03% (9th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-5810 is to upgrade to a patched version of SourceCodester Sales and Inventory System as soon as it becomes available. Until an upgrade is possible, consider implementing temporary workarounds. Input validation and sanitization on the ID parameter in /delete.php is crucial. Implement a Web Application Firewall (WAF) with rules to detect and block XSS attempts targeting this specific endpoint. Regularly review and update the WAF rules to ensure effectiveness. Carefully examine the code for other potential XSS vulnerabilities. After upgrade, confirm by attempting to access /delete.php with a known malicious payload to ensure the vulnerability is resolved.
Update the Sales and Inventory System to a fixed version. Check the vendor documentation for specific update instructions. Implement additional security measures, such as input validation and output encoding, to reduce the risk of XSS attacks.
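The validate-on-input, encode-on-output pattern that the mitigation advice describes, as an added example that is not SourceCodester's code: a hypothetical delete.php handler in its vulnerable form beside a hardened form. The function names, the assumption that the ID is a positive integer record key, and the sample payload are constructed for this illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical delete.php handler, NOT SourceCodester's code: it illustrates the
// bug class (reflected XSS via an unvalidated "id" query parameter) and its fix.
// Assumption: "id" is meant to be a positive integer record key.

/** Vulnerable pattern: the raw parameter is copied into the HTML response. */
function deleteMessageVulnerable(array $query): string
{
    $id = $query['id'] ?? '';
    // Whatever the client sent, including "<script>...</script>", is echoed back.
    return '<p>Record ' . $id . ' could not be deleted.</p>';
}

/** Hardened pattern: validate on input, encode on output. */
function deleteMessageHardened(array $query): string
{
    // 1. Validate: accept only a positive integer and reject everything else
    //    before it reaches the database query or the response body.
    $id = filter_var(
        $query['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        return '<p>Invalid record identifier.</p>';
    }
    // 2. Encode: even a validated value is HTML-escaped when reflected, so this
    //    line stays safe if the validation rule is later relaxed to strings.
    $safe = htmlspecialchars((string) $id, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p>Record ' . $safe . ' could not be deleted.</p>';
}

// Self-check with a constructed payload (run with: php delete_example.php).
if (PHP_SAPI === 'cli') {
    $payload = ['id' => '<script>alert(1)</script>'];
    $vuln = deleteMessageVulnerable($payload);
    $hard = deleteMessageHardened($payload);
    echo 'vulnerable: ', $vuln, PHP_EOL;   // script tag reflected verbatim
    echo 'hardened:   ', $hard, PHP_EOL;   // request rejected, nothing reflected
    assert(str_contains($vuln, '<script>'));
    assert(!str_contains($hard, '<script>'));
    echo 'hardened (valid id): ', deleteMessageHardened(['id' => '42']), PHP_EOL;
}
```

The same two checks (does a script tag survive into the response; does a valid integer still render) are what the post-upgrade verification step in the mitigation text should confirm against the real /delete.php.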
CVE-2026-5810 is a cross-site scripting (XSS) vulnerability in SourceCodester Sales and Inventory System versions 1.0.0–1.0, allowing attackers to inject malicious scripts via the /delete.php file.
If you are using SourceCodester Sales and Inventory System version 1.0.0 or 1.0, you are potentially affected by this XSS vulnerability.
Upgrade to a patched version of SourceCodester Sales and Inventory System as soon as it becomes available. Implement input validation and output encoding as a temporary workaround.
An exploit has been published, indicating a high probability of active exploitation. Immediate action is recommended.
Refer to the SourceCodester website or their official communication channels for the latest advisory regarding CVE-2026-5810.