CVE-2026-10247 MEDIUM

CVE-2026-10247: SourceCodester Pharmacy Sales and Inventory System main create_generic_name cross site scripting

Vendor Sourcecodester

Product Pharmacy Sales and Inventory System

Weakness CWE-79 · XSS

Published June 1, 2026

Last update June 1, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects the function create_generic_name of the file /ShowForm/create_generic_name/main. The manipulation of the argument generic_name results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used.

Key dates

02Disclosure timeline

June 1, 2026 CVE published

June 1, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-10247 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-9115 Common Tools for Site <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload CVE-2023-1363 SourceCodester Computer Parts Sales and Inventory System Add User Account cross site scripting CVE-2022-3539 Testimonials (Free < 2.7, Pro < 1.0.8) - Admin+ Stored Cross-Site Scripting CVE-2024-37500 WordPress Beaver Builder plugin <= 2.8.2.2 - Cross Site Scripting (XSS) vulnerability CVE-2023-47759 WordPress Chaty plugin <= 3.1.2 - Cross Site Scripting (XSS) vulnerability