CVE-2026-7281 PUBLISHED

A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function supplier of the file /index.php?page=supplier. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

• test-user (VulDB User) reporter

• VDB-359939 | SourceCodester Pharmacy Sales and Inventory System index.php supplier cross site scripting
• VDB-359939 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #803017 | sourcecodester Pharmacy Sales and Inventory System V1.0 cross site scripting
• https://github.com/CDipper/CVE-Test/issues/3
• https://www.sourcecodester.com/

• Cross Site Scripting CWE
• Code Injection CWE