Platform
php
Component
cvesmarz
Fixed in
1.0.1
A cross-site scripting (XSS) vulnerability has been identified in Online Food Ordering System version 1.0. This flaw resides within the /dbfood/food.php file and allows attackers to inject malicious scripts through manipulation of the 'cuisines' argument. Successful exploitation can lead to session hijacking or defacement of the application, impacting users of version 1.0. A fix is expected from the vendor.
The XSS vulnerability in Online Food Ordering System allows an attacker to inject arbitrary JavaScript code into the application. This code can then be executed in the context of a user's browser when they visit the affected page. An attacker could leverage this to steal session cookies, redirect users to malicious websites, or deface the application. The public availability of an exploit significantly increases the risk of exploitation, potentially impacting a wide range of users who rely on the system for online food ordering.
The vulnerability is publicly disclosed and a proof-of-concept exploit is available, indicating a higher likelihood of exploitation. The CVSS score of 2.4 (LOW) suggests the vulnerability is relatively easy to exploit but has limited impact. It is not currently listed on CISA KEV as of this writing.
Exploit Status
EPSS
0.03% (9th percentile)
CISA SSVC
CVSS Vector
While a patch is pending, immediate mitigation steps can reduce the risk. Validating and sanitizing the 'cuisines' parameter within /dbfood/food.php is crucial. Apply context-appropriate output encoding wherever the value is reflected so that injected markup is rendered inert rather than executed. Consider using a Web Application Firewall (WAF) with XSS filtering rules to block malicious requests. Regularly monitor application logs for suspicious activity involving the /dbfood/food.php endpoint.
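One way to implement the validation and output encoding described above, as an added PHP example that is not the project's own code: the allowlist, the function names and the assumption that food.php reflects the 'cuisines' parameter into HTML are all constructed here.

```php
<?php
// Added example, not the project's code: hardened handling of the 'cuisines'
// request parameter for a page like /dbfood/food.php. It ASSUMES the original
// script reflects that parameter into HTML; the real food.php is not shown here.
declare(strict_types=1);

// Constructed allowlist of the cuisine values the application actually offers.
const ALLOWED_CUISINES = ['italian', 'indian', 'mexican', 'thai', 'chinese'];

// Validate the raw parameter against the allowlist. Returns the canonical
// value, or null when the input is not a known cuisine.
function validateCuisine(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $value = strtolower(trim($raw));
    return in_array($value, ALLOWED_CUISINES, true) ? $value : null;
}

// Encode for an HTML text node or quoted attribute value. ENT_QUOTES also
// encodes single quotes; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string, which would silently drop content.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Render the menu heading. Rejected input is never echoed back, and the
// accepted value is still encoded on output, so the page has two layers.
function renderCuisineSection(?string $raw): string
{
    $cuisine = validateCuisine($raw);
    if ($cuisine === null) {
        // Log the rejected value for monitoring; json_encode escapes control
        // characters so the log line itself cannot be forged by the input.
        error_log('food.php: rejected cuisines value ' . json_encode($raw));
        return '<p class="error">Unknown cuisine.</p>';
    }
    return '<h2>Menu for ' . h(ucfirst($cuisine)) . '</h2>';
}

// Constructed demonstration inputs: one valid value and one carrying markup.
foreach (['thai', '<script>alert(1)</script>'] as $input) {
    echo renderCuisineSection($input), PHP_EOL;
}
```

The second input produces only the generic error line and a log entry; nothing from it reaches the HTML, and the accepted value is still encoded on output as a second layer.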
Update Online Food Ordering System to a patched version that resolves the cross-site scripting (XSS) vulnerability. If no update is available, additional security measures are recommended, such as validating and sanitizing user input, to prevent XSS attacks.
CVE-2026-4899 is a cross-site scripting (XSS) vulnerability in Online Food Ordering System version 1.0, affecting the /dbfood/food.php file. Attackers can inject malicious scripts by manipulating the 'cuisines' argument.
If you are using Online Food Ordering System version 1.0, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as it becomes available.
The vendor is expected to release a patch. Until then, implement input validation, output encoding, and consider using a WAF to mitigate the risk.
A public exploit exists, suggesting a higher likelihood of active exploitation. Monitor your application and logs for suspicious activity.
Refer to the Online Food Ordering System website or vendor communication channels for the official advisory and patch information.