CVE-2020-35261

MEDIUM

Multi Restaurant Table Reservation System 1.0 - Stored Cross-Site Scripting via Restaurant Name Field

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-35261. PoCs published by yunaranyancat.

AI-analyzed exploit summary: This exploit demonstrates multiple persistent XSS vulnerabilities in Multi Restaurant Table Reservation System 1.0. The PoC includes HTTP requests with malicious payloads injected into various fields (e.g., Restaurant Name, Table Name, Item Name) that execute JavaScript when rendered.

Description

Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php.

Exploits (1)

exploitdb · WORKING POC
by yunaranyancat · text · webapps · php
https://www.exploit-db.com/exploits/49135

Classification: Working PoC 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Multi Restaurant Table Reservation System 1.0
Auth required
Prerequisites: Authenticated session (PHPSESSID cookie) · Access to vulnerable input fields
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 5.4
EPSS: 0.0081
EPSS Percentile: 52.0%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): multi_restaurant_table_reservation_system_project/multi_restaurant_table_reservation_system 1.0
Published: Jul 15, 2022
Tracked Since: Feb 18, 2026