This vulnerability is a reflected XSS in SourceCodester Sales and Inventory System 1.0, specifically in the add_supplier.php script's "msg" parameter. The application fails to sanitize input, enabling attackers to inject malicious scripts or HTML via crafted URLs. The CVSS 3.1 vector indicates the attack requires no privileges, has low attack complexity, requires user interaction, and impacts confidentiality and integrity but not availability.

Successful exploitation can lead to the execution of arbitrary scripts in the context of the victim's browser, potentially allowing theft of sensitive information or session tokens, and manipulation of the user interface. The impact is limited to confidentiality and integrity with no direct availability impact. There are no known exploits in the wild currently.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should consider implementing input validation and output encoding on the "msg" parameter to mitigate reflected XSS risks. Additionally, applying web application firewall (WAF) rules to detect and block malicious payloads targeting this parameter may help reduce exposure.