Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-0902Cross-site Scripting in Simple Food Ordering System

CWE-79Cross-site Scripting5 documents4 sources
Severity
5.4MEDIUMNVD
CNA3.5
EPSS
2.7%
top 14.05%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Sourcecodester Simple Food Ordering SystemSimple Food Ordering System Project Simple Food Ordering System
Timeline
PublishedFeb 18
Latest updateApr 6

Description

A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
SourceCodester Simple Food Ordering System process_order.php cross site scripting2023-02-18
GHSA
GHSA-p3vv-vhm2-3c78: A vulnerability was found in SourceCodester Simple Food Ordering System 12023-02-18

💥Exploits & PoCs

2
Exploit-DB
Employee Task Management System v1.0 - SQL Injection on edit-task.php2023-04-06
Exploit-DB
Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)2023-04-06
CVE-2023-0902 — Cross-site Scripting | cvebase