This vulnerability is a reflected XSS in SourceCodester Sales and Inventory System 1.0, specifically in the add_category.php file's "msg" parameter. The application fails to sanitize input, enabling attackers to inject malicious scripts or HTML via crafted URLs. The CVSS 3.1 base score is 6.1, with attack vector network, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality and integrity, with no impact on availability. No patch or remediation information is currently available.

Successful exploitation allows remote attackers to execute arbitrary scripts in the context of the affected application, potentially leading to information disclosure or manipulation of the user interface. The impact is limited to confidentiality and integrity with no availability impact. No known exploits have been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should consider implementing input validation and output encoding on the "msg" parameter to mitigate reflected XSS risks. Avoid clicking on untrusted links that may exploit this vulnerability.