CVE-2026-30527

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.0%

top 92.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oretnom23 Online Food Ordering System

Timeline

PublishedMar 27

Description

A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or updating a category. When an administrator or user visits the Category list page (or any page where this category is rendered), the injected JavaScript executes immediately in their browser.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

▶NVDoretnom23/online_food_ordering_system1.0

🔴Vulnerability Details

GHSA

GHSA-43p7-xw3r-w4gp: A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1↗2026-03-27

▶

CVEList

CVE-2026-30527: A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1↗2026-03-27

▶