Platform
php
Component
cvesmarz
Fixed in
1.0.1
A cross-site scripting (XSS) vulnerability has been identified in Online Food Ordering System version 1.0. This flaw resides within the /dbfood/food.php file and allows attackers to inject malicious scripts through manipulation of the 'cuisines' argument. Successful exploitation can lead to session hijacking or defacement of the application, impacting users of version 1.0. A fix is expected from the vendor.
The XSS vulnerability in Online Food Ordering System allows an attacker to inject arbitrary JavaScript code into the application. This code can then be executed in the context of a user's browser when they visit the affected page. An attacker could leverage this to steal session cookies, redirect users to malicious websites, or deface the application. The public availability of an exploit significantly increases the risk of exploitation, potentially impacting a wide range of users who rely on the system for online food ordering.
The vulnerability is publicly disclosed and a proof-of-concept exploit is available, indicating a higher likelihood of exploitation. The CVSS score of 2.4 (LOW) suggests the vulnerability is relatively easy to exploit but has limited impact. It is not currently listed on CISA KEV as of this writing.
Businesses and individuals using the Online Food Ordering System version 1.0 are at risk, particularly those who have not implemented robust input validation and sanitization practices. Shared hosting environments where multiple applications share the same server are also at increased risk, as a compromised application could potentially impact others.
• php / web:
  grep -r 'cuisines' /var/www/html/dbfood/food.php
• generic web (request the page body, not just headers, so a reflected value is visible):
  curl -s '<affected_url>/dbfood/food.php?cuisines=<script>alert(1)</script>'
  and check whether the payload appears unencoded in the response.
• generic web: Check access logs for requests to /dbfood/food.php with unusual or suspicious values in the cuisines parameter.
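The access-log check above can be scripted. The following is an added example, not code from the advisory or the project: a small PHP CLI routine that parses Apache combined-format lines, isolates the cuisines parameter of requests to /dbfood/food.php, URL-decodes it and flags values that look like injected markup. The log lines are constructed sample data; the path and parameter names default to those in the advisory but are arguments, so the same function works for any endpoint.

```php
<?php
// Added example (not from the advisory): scan web-server access log lines for
// requests to /dbfood/food.php whose 'cuisines' parameter carries HTML/JS-like
// content. SAMPLE_LOG is constructed data in Apache combined format.

declare(strict_types=1);

const SAMPLE_LOG = <<<'LOG'
203.0.113.5 - - [10/Mar/2026:12:00:01 +0000] "GET /dbfood/food.php?cuisines=italian HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Mar/2026:12:00:02 +0000] "GET /dbfood/food.php?cuisines=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640 "-" "curl/8.0"
203.0.113.9 - - [10/Mar/2026:12:00:03 +0000] "GET /dbfood/food.php?cuisines=%22%20onmouseover%3Dalert(1)%20x%3D%22 HTTP/1.1" 200 640 "-" "curl/8.0"
198.51.100.2 - - [10/Mar/2026:12:00:04 +0000] "GET /index.php HTTP/1.1" 200 100 "-" "Mozilla/5.0"
LOG;

/**
 * Return the suspicious requests found in $log for $path/$param.
 * Each hit is ['ip' => client IP, 'value' => decoded parameter, 'indicator' => rule name].
 */
function findSuspiciousRequests(string $log, string $path = '/dbfood/food.php', string $param = 'cuisines'): array
{
    // Indicators of HTML/JS injection, applied to the URL-decoded value.
    $indicators = [
        'tag'     => '/<\s*\/?\s*[a-z]/i',   // start of any HTML tag, e.g. <script or </script
        'handler' => '/\bon[a-z]+\s*=/i',    // inline event handler, e.g. onmouseover=
        'js_uri'  => '/javascript\s*:/i',    // javascript: URI scheme
    ];
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        // Extract client IP and request target from the combined-format line.
        if (!preg_match('/^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP\/[\d.]+"/', $line, $m)) {
            continue;
        }
        [, $ip, $target] = $m;
        $parts = parse_url($target);
        if (($parts['path'] ?? '') !== $path || empty($parts['query'])) {
            continue;
        }
        parse_str($parts['query'], $query);   // parse_str URL-decodes the values
        if (!isset($query[$param]) || !is_string($query[$param])) {
            continue;
        }
        $value = $query[$param];
        foreach ($indicators as $name => $re) {
            if (preg_match($re, $value)) {
                $hits[] = ['ip' => $ip, 'value' => $value, 'indicator' => $name];
                break;   // one indicator per request is enough to report it
            }
        }
    }
    return $hits;
}

// Report each flagged request: client IP, which rule fired, decoded value.
foreach (findSuspiciousRequests(SAMPLE_LOG) as $hit) {
    printf("%s  %-8s  %s\n", $hit['ip'], $hit['indicator'], $hit['value']);
}
```

Decoding before matching matters: a raw grep for `<script>` on the log misses the percent-encoded form that a browser or curl actually sends, which is why the second and third sample lines are only caught after parse_str has decoded them.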
disclosure
Exploit status
EPSS
0.03% (9th percentile)
CISA SSVC
CVSS vector
While a patch is pending, immediate mitigation steps can reduce the risk. Input validation and sanitization on the 'cuisines' parameter within /dbfood/food.php is crucial. Implement strict output encoding to prevent injected scripts from being executed. Consider using a Web Application Firewall (WAF) with XSS filtering rules to block malicious requests. Regularly monitor application logs for suspicious activity related to the /dbfood/food.php endpoint.
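To make the two mitigations concrete, here is an added example that is not the project's own code: the reflection pattern that typically produces this class of bug, placed beside a hardened version that applies allow-list validation of the cuisines value and then output encoding at the point where it is written into HTML. The HTML fragment, the allow-list contents and the function names are assumptions for illustration.

```php
<?php
// Added example, not code from Online Food Ordering System: a reflected-XSS
// pattern on a query parameter and the hardened form (validate, then encode).
// The allow-list and markup below are assumed for illustration.

declare(strict_types=1);

// Vulnerable pattern: the raw parameter is concatenated into HTML, so a value
// containing a tag or an event handler becomes live markup in the browser.
function renderCuisineHeadingVulnerable(string $cuisines): string
{
    return "<h2>Cuisine: " . $cuisines . "</h2>";
}

// Hardened step 1: validate against an allow-list of known cuisine names
// (assumed list) and reject anything else.
const ALLOWED_CUISINES = ['italian', 'indian', 'chinese', 'mexican', 'thai'];

function validateCuisines(string $cuisines): ?string
{
    $value = strtolower(trim($cuisines));
    return in_array($value, ALLOWED_CUISINES, true) ? $value : null;
}

// Hardened step 2: always encode at the output point, even after validation,
// so a later relaxation of the allow-list cannot reintroduce the bug.
function escapeHtml(string $text): string
{
    // ENT_QUOTES also covers attribute contexts; ENT_SUBSTITUTE replaces
    // invalid UTF-8 instead of returning '' and silently dropping the output.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderCuisineHeadingHardened(string $cuisines): string
{
    $valid = validateCuisines($cuisines);
    if ($valid === null) {
        // Unknown value: render a fixed message rather than reflecting the input.
        return "<h2>Cuisine: unknown</h2>";
    }
    return "<h2>Cuisine: " . escapeHtml($valid) . "</h2>";
}

// Demonstration with a constructed, harmless canary value.
$payload = '<script>alert(1)</script>';
echo renderCuisineHeadingVulnerable($payload), "\n";   // tag is emitted verbatim
echo renderCuisineHeadingHardened($payload), "\n";     // input is not reflected
echo renderCuisineHeadingHardened('Italian'), "\n";    // normalised, encoded value

// Where an allow-list is not possible (free-text search terms, for instance),
// encoding alone is still the essential control at every HTML output point:
echo "<h2>Search: " . escapeHtml($payload) . "</h2>", "\n";
```

Encoding must match the output context: htmlspecialchars with ENT_QUOTES is correct for element text and quoted attribute values, but a value placed inside a script block, a URL or a CSS property needs the encoder for that context, and unquoted attributes should simply not be used.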
Update the Online Food Ordering System to a patched version that fixes the cross-site scripting (XSS) vulnerability. If no update is available, it is recommended to implement additional security measures, such as validating and sanitizing user input, to prevent XSS attacks.
CVE-2026-4899 is a cross-site scripting (XSS) vulnerability in Online Food Ordering System version 1.0, affecting the /dbfood/food.php file. Attackers can inject malicious scripts by manipulating the 'cuisines' argument.
If you are using Online Food Ordering System version 1.0, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as it becomes available.
The vendor is expected to release a patch. Until then, implement input validation, output encoding, and consider using a WAF to mitigate the risk.
A public exploit exists, suggesting a higher likelihood of active exploitation. Monitor your application and logs for suspicious activity.
Refer to the Online Food Ordering System website or vendor communication channels for the official advisory and patch information.