Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Inventory System

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2026-11520
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-Not Assigned
Published-08 Jun, 2026 | 14:00
Updated-08 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Inventory System header.php cross site scripting

A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Multiple parameters might be affected.

Action-Not Available
Vendor-SourceCodester
Product-Inventory System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-11519
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-08 Jun, 2026 | 13:45
Updated-08 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Inventory System Account Creation users_handler.php improper authorization

A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /Product_Inventory/api/users_handler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-SourceCodester
Product-Inventory System
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2026-11518
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-Not Assigned
Published-08 Jun, 2026 | 13:30
Updated-08 Jun, 2026 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Inventory System User Management users.php cross site scripting

A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument fullname/username leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-SourceCodester
Product-Inventory System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')