CVE-2026-10244 PUBLISHED

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function create_medicine_name of the file /ShowForm/create_medicine_name/main. Performing a manipulation of the argument medicine_name results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used.

• timeflies (VulDB User) reporter

• VDB-367522 | SourceCodester Pharmacy Sales and Inventory System main create_medicine_name cross site scripting
• VDB-367522 | CTI Indicators (IOB, IOC, TTP, IOA)
• CVE-2026-10244 | CVE Analysis and Report
• Submit #823931 | sourcecodester Pharmacy Sales and Inventory System 1.0 Cross Site Scripting
• https://github.com/timeflies123/cve/issues/2
• https://www.sourcecodester.com/

• Cross Site Scripting CWE
• Code Injection CWE