Cross Site Scripting Vulnerability in yashpokharna2555 Restaurant Management System
CVE-2026-13499
Key Information:
- Vendor: YasHPokharna2555
- CVE Published: 28 June 2026
What is CVE-2026-13499?
A security flaw has been identified in the registration component of the yashpokharna2555 restaurant management system. The issue resides in the login_register.php file, where improper handling of the Username argument can lead to a Cross Site Scripting (XSS) vulnerability. This allows attackers to craft inputs that may be executed in the context of another user's session, potentially exposing sensitive information or enabling unauthorized actions. The vulnerability is publicly documented, and because the system operates on a rolling release model, the specific affected versions remain undetermined. The project maintainers have been notified of the issue but have yet to provide a response.
Affected Version(s)
restaurent-management-system 5f3eca87cb681366866a78038af17891c4c86612
restaurent-management-system 6d1cc94c9007e2373d30d9c940824a5d2f50d9b6
restaurent-management-system b7124069da225d5be3f430eb4d8e23d294f7a14f
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
