← back
CVE-2023-0902

SourceCodester Simple Food Ordering System process_order.php cross site scripting

CVSS 3.5 LOWEPSS 2.7%CWE-79
A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Affected products
SourceCodester · Simple Food Ordering System
public PoCs found3
cve_referencegithub.com/navaidzansari/CVE_Demo/blob/main/2023/Simple%20Food%20Ordering%20System%20-%20Authenticated%20Reflected%20XSS.mdunverifiedexploitdbwww.exploit-db.com/exploits/51287unverifiedexploitdbwww.exploit-db.com/exploits/51292unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Simple%20Food%20Ordering%20System%20-%20Authenticated%20Reflected%20XSS.mdhttps://vuldb.com/?ctiid.221451https://vuldb.com/?id.221451