CVE-2026-4899Cross-site Scripting in Online Food Ordering System

CWE-79Cross-site ScriptingCWE-94Code Injection39 documents4 sources
Severity
4.8MEDIUMNVD
EPSS
0.0%
top 90.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Code-projects Online Food Ordering System
Timeline
PublishedMar 26
Latest updateMar 27

Description

A security flaw has been discovered in code-projects Online Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /dbfood/food.php. The manipulation of the argument cuisines results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-7jcq-m3gg-2pwx: A security flaw has been discovered in code-projects Online Food Ordering System 12026-03-27
CVEList
code-projects Online Food Ordering System food.php cross site scripting2026-03-26

🕵️Threat Intelligence

2
Wiz
RUSTSEC-2026-0019 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
RUSTSEC-2026-0028 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-4899 — Cross-site Scripting | cvebase