CVE-2026-9377 PUBLISHED

A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file /admin/productedit.php. The manipulation of the argument productName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

• n0name (VulDB User) reporter

• VDB-365340 | SourceCodester SUP Online Shopping productedit.php cross site scripting
• VDB-365340 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #813270 | sourcecodester SUP Online Shopping Project V1.0 Cross Site Scripting
• https://github.com/redshadowword-cell/CVE/issues/13
• https://www.sourcecodester.com/

• Cross Site Scripting CWE
• Code Injection CWE