Cross-Site Scripting Vulnerability in Online Food Ordering System by Code-Projects
CVE-2026-4899
Key Information:
- Vendor
Code-projects
- Vendor
- CVE Published:
- 26 March 2026
Badges
What is CVE-2026-4899?
A security flaw has been identified in the Online Food Ordering System (version 1.0) developed by Code-Projects. This vulnerability involves an improper handling of user-supplied input within the /dbfood/food.php file, specifically targeting the argument 'cuisines'. This oversight allows for cross-site scripting (XSS) attacks, where an attacker can inject malicious scripts into web pages viewed by other users. The exploit has been made public, increasing the risk of it being leveraged for attacks against affected systems. Immediate attention to input validation and proper sanitization is recommended to mitigate potential exploitation.
Affected Version(s)
Online Food Ordering System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
