{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30571", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-27T16:46:09.811Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-03-27T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-27T16:46:09.811Z"}, "descriptions": [{"lang": "en", "value": "A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 in the view_category.php file via the \"limit\" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/XSS-ViewCategory-limit.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 in the view_category.php file via the \"limit\" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL."}], "id": "CVE-2026-30571", "lastModified": "2026-03-27T17:16:28.710", "metrics": {}, "published": "2026-03-27T17:16:28.710", "references": [{"source": "cve@mitre.org", "url": "https://github.com/meifukun/Web-Security-PoCs/blob/main/Inventory-System/XSS-ViewCategory-limit.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{"analysis": {"en": {"generated_at": "2026-03-27T18:24:10.227292+00:00", "value": {"mitigation_remediation": ["Apply a patched version of SourceCodester Inventory System 1.0 that sanitizes the limit parameter", "If a patch is unavailable, implement server\u2011side input validation to allow only numeric values for limit", "Employ output encoding or use appropriate HTTP headers (Content\u2011Security\u2011Policy) to prevent execution of injected scripts", "Deploy a web application firewall rule to block requests containing script tags or suspicious characters in the limit parameter"], "summary": {"action": "Patch Immediately", "impact": "Reflected Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "The affected product is SourceCodester Inventory System version 1.0. No other vendors or product variants are listed in the known CNA data.", "description_and_impact": "A reflected cross\u2011site scripting vulnerability is present in the view_category.php file of SourceCodester Inventory System 1.0. The application accepts a \"limit\" parameter from the URL without sanitizing or encoding its value, allowing attackers to inject arbitrary JavaScript or HTML. When a user follows a crafted link, the malicious code runs in the victim\u2019s browser, potentially enabling session hijacking, credential theft, defacement, or phishing attacks. The impact is limited to the scope of the browser context but can compromise confidentiality and integrity of user data.", "risk_and_exploitability": "The CVSS score and EPSS values are not available, and the vulnerability is not listed in the CISA KEV catalog. Attackers can exploit this flaw remotely by directing a user to a URL containing a malicious \"limit\" value. Because the flaw is reflected, it does not require authentication or special privileges. Given the absence of mitigations on the server side, the likelihood of exploitation remains moderate to high in environments where end users regularly visit external links."}}}}, "created": "2026-03-27T20:25:54.343921+00:00", "title": "Reflected Cross\u2011Site Scripting via Limit Parameter in SourceCodester Inventory System 1.0", "updated": "2026-03-27T20:25:54.343963+00:00", "vendors": [], "weaknesses": ["CWE-79"]}