Cross-Site Scripting Vulnerability in Online Food Ordering System by Code-Projects
CVE-2026-4899
Key Information:
- Vendor
Code-projects
- Vendor
- CVE Published:
- 26 March 2026
Badges
What is CVE-2026-4899?
A security flaw has been identified in the Online Food Ordering System (version 1.0) developed by Code-Projects. This vulnerability involves an improper handling of user-supplied input within the /dbfood/food.php file, specifically targeting the argument 'cuisines'. This oversight allows for cross-site scripting (XSS) attacks, where an attacker can inject malicious scripts into web pages viewed by other users. The exploit has been made public, increasing the risk of it being leveraged for attacks against affected systems. Immediate attention to input validation and proper sanitization is recommended to mitigate potential exploitation.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Online Food Ordering System 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved