This vulnerability is a reflected XSS in SourceCodester Sales and Inventory System 1.0, specifically in the view_stock_availability.php file. The issue arises because the "limit" parameter fails to sanitize input, enabling attackers to inject malicious scripts or HTML via crafted URLs. The CVSS 3.1 vector indicates it is remotely exploitable without privileges, requires user interaction, and can lead to partial confidentiality and integrity impacts without affecting availability.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of the affected application for users who click on a crafted URL. This may lead to theft of user credentials, session hijacking, or other actions limited to the confidentiality and integrity of user data. There is no indication of availability impact or widespread exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, users should avoid clicking on untrusted links that include the vulnerable parameter. Application developers should implement proper input validation and output encoding on the "limit" parameter to prevent script injection.