CVE-2026-13570 PUBLISHED

A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/users_handler.php of the component User Registration Endpoint. Performing a manipulation of the argument full_name results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.

• ayush8816 (VulDB User) reporter
• VulDB Vulnerability Moderation Team coordinator

• VDB-374578 | SourceCodester Inventory Management System User Registration Endpoint users_handler.php cross site scripting
• VDB-374578 | CTI Indicators (IOB, IOC, TTP, IOA)
• CVE-2026-13570 | CVE Analysis and Report
• Submit #844353 | SourceCodester Inventory Management System NA Cross Site Scripting
• https://www.sourcecodester.com/

• Cross Site Scripting CWE
• Code Injection CWE