This vulnerability is a reflected XSS in SourceCodester Sales and Inventory System 1.0, specifically in the add_customer.php file's "msg" parameter. The application fails to sanitize input properly, enabling attackers to inject malicious scripts or HTML via crafted URLs. The CVSS 3.1 vector indicates it is exploitable remotely without privileges, requires user interaction, and can lead to partial confidentiality and integrity impacts without affecting availability.

Successful exploitation could allow attackers to execute arbitrary scripts in the context of the victim's browser, potentially leading to theft of sensitive information or session hijacking. The impact is limited to confidentiality and integrity with no direct availability impact. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, users should consider implementing input validation and output encoding on the "msg" parameter to mitigate reflected XSS risks. Avoid clicking on suspicious links that may exploit this vulnerability.