A vulnerability classified as problematic has been found in SourceCodester Inventory System 1.0 . Affected is an unknown function of the file /users.php of the component User Management Page . The manipulation of the argument fullname/username leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-11518 . The attack is possible to be carried out remotely. Moreover, an exploit is present.