CVE-2026-11518
MediumCVSS 4.3Summary
A vulnerability was identified in SourceCodester Inventory System 1.0. The issue affects an unknown function of the file /users.php of the User Management Page component, where manipulation of the argument fullname/username leads to cross-site scripting.
Risk Assessment
An attacker can remotely exploit this vulnerability, potentially leading to user data theft or session hijacking. The publicly available exploit increases the risk of attacks.
Recommendation
It is recommended to update the system to the latest version to eliminate this vulnerability. Additional security measures, such as input validation, should also be implemented.
Original NVD description (English source)
A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument fullname/username leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

