Description
A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/users_handler.php of the component User Registration Endpoint. Performing a manipulation of the argument full_name results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.
Severity (CVSS)
| Base score | 5.1 |
|---|---|
| Severity | Medium |
| Version | CVSS 4.0 |
| Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
| Provided by | CNA |
Weaknesses
- CWE-79 — Cross Site Scripting
- CWE-94 — Code Injection
Affected products
| Vendor | Product | Versions |
|---|---|---|
| SourceCodester | Inventory Management System | 1.0 |
References
- https://vuldb.com/vuln/374578 (vdb-entry technical-description)
- https://vuldb.com/vuln/374578/cti (signature permissions-required)
- https://vuldb.com/cve/CVE-2026-13570 (third-party-advisory)
- https://vuldb.com/submit/844353 (third-party-advisory)
- https://www.sourcecodester.com/ (product)
Generated from the official CVE List on 30 Jun 2026 07:04 UTC.