CVE-2026-4898 — Cross-site Scripting in Online Food Ordering System

CWE-79 — Cross-site Scripting CWE-94 — Code Injection5 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 89.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects Online Food Ordering System

Timeline

PublishedMar 26

Latest updateMar 27

Description

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /dbfood/contact.php. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages1 packages

▶CVEListV5code-projects/online_food_ordering_system1.0

🔴Vulnerability Details

GHSA

GHSA-8j9j-w3w5-2667: A vulnerability was identified in code-projects Online Food Ordering System 1↗2026-03-27

▶

CVEList

code-projects Online Food Ordering System contact.php cross site scripting↗2026-03-26

▶

💬Community

Bugzilla

CVE-2025-68114 capstone: Capstone: Memory corruption via unchecked vsnprintf return↗2025-12-17

▶

Bugzilla

CVE-2025-67873 capstone: Capstone: Heap buffer overflow via skipdata callback allows denial of service or arbitrary code execution.↗2025-12-17

▶