CVE-2025-3826

CVSS v3 Score
4.1
Medium
CVSS v2 Score
3.3
Low

Vulnerability Description

A vulnerability classified as problematic was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It affects an unknown part of the file add-supplier.php. Manipulation of the argument txtsupplier_name/txtaddress leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS: 4.1 (Medium)

An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy version 2.0.0, version 1.2.9 and below and FortiOS version 6.2.1 and below, version 6.0.8 and below, ...

CWE-79
2019
CVSS: 4.1 (Medium)

Cross-site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows an authenticated remote user to trigger scripts to run in a user's browser via adding a new la...

CWE-79
2020
CVSS: 4.1 (Medium)

sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that ...

CWE-79
2021
CVSS: 4.1 (Medium)

Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access.

CWE-79
2022
CVSS: 4.1 (Medium)

Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to 5.10.4.

CWE-79
2023
CVSS: 4.1 (Medium)

Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability

CWE-79
2023