EUVD-2026-20787

| CVE-2026-5810 MEDIUM
2026-04-08 [email protected] GHSA-4phh-x97m-378h
5.1
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

4
Analysis Generated
Apr 08, 2026 - 22:24 vuln.today
EUVD ID Assigned
Apr 08, 2026 - 22:24 euvd
EUVD-2026-20787
CVE Published
Apr 08, 2026 - 22:16 nvd
MEDIUM 5.1
PoC Detected
Apr 08, 2026 - 22:16 vuln.today
Public exploit code

Tags

XSS PHP

Description

A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argument ID causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Analysis

Stored cross-site scripting (XSS) in SourceCodester Sales and Inventory System 1.0 allows authenticated remote attackers to inject malicious scripts via the ID parameter in /delete.php, which are executed in the context of other users' browsers when they interact with the affected page. The vulnerability requires user interaction (clicking a malicious link) but has a published proof-of-concept and CVSS 5.1 score reflecting moderate impact on data integrity; exploitation is confirmed possible but not currently in CISA KEV.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

46
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +26
POC: +20

Share

EUVD-2026-20787 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy