CVE-2026-9413

A vulnerability was identified in SourceCodester Indian Invoicing System 1.0. The affected element is an unknown function of the file /Invoicing/category.php. The manipulation of the argument msg leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available a...

medium 4.3 CVSS 3.1

Published: May 25, 2026

Modified: May 26, 2026

Description

A vulnerability was identified in SourceCodester Indian Invoicing System 1.0. The affected element is an unknown function of the file /Invoicing/category.php. The manipulation of the argument msg leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.

References

https://gist.github.com/c4ttr4ck/cb6a07bc54600a14de2676d8b96c3026
https://vuldb.com/submit/813609
https://vuldb.com/vuln/365394
https://vuldb.com/vuln/365394/cti
https://www.sourcecodester.com/

Version	3.1
Score	4.3 / 10
Severity	medium