Cross-Site Scripting Vulnerability in jairiidriss RestaurantWebsite Platform
CVE-2025-13802

5.3 MEDIUM

Key Information:

Vendor
CVE Published: 1 December 2025

Badges

👾 Exploit Exists
🟡 Public PoC

What is CVE-2025-13802?

A cross-site scripting vulnerability exists in the jairiidriss RestaurantWebsite due to improper handling of the 'selected_date' argument in the 'Make a Reservation' feature. This flaw allows attackers to inject malicious scripts, which can be executed in the context of another user's session. Because this vulnerability can be exploited remotely, it poses a risk to end users interacting with the affected web application. The vendor has not provided updated version details despite being notified of the issue, indicating a potential lack of responsiveness towards security vulnerabilities in their software.

Affected Version(s)

RestaurantWebsite e7911f12d035e8e2f9a75e7a28b59e4ef5c1d654

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved

Credit

dream123 (VulDB User)