CVE-2023-0902

LOW

Simple Food Ordering System - XSS

Title source: rule

Description

A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Muhammad Navaid Zafar Ansari · textwebappsphp

https://www.exploit-db.com/exploits/51292

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Muhammad Navaid Zafar Ansari · textwebappsphp

https://www.exploit-db.com/exploits/51287

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Simple%20Food%20Ordering%20System%20-%20Authenticated%20Reflected%20XSS.md

[Permissions Required, Third Party Advisory] https://vuldb.com/?ctiid.221451

[Third Party Advisory] https://vuldb.com/?id.221451

Scores

CVSS v3 3.5

EPSS 0.0272

EPSS Percentile 86.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

simple_food_ordering_system_project/simple_food_ordering_system 1.0

Published Feb 18, 2023

Tracked Since Feb 18, 2026