CVE-2023-29848

MEDIUM

Bang Resto 1.0 - Stored Cross-Site Scripting via itemName Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-29848. PoCs published by Rahad Chowdhury.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Bang Resto v1.0 by injecting malicious payloads into the 'itemName' parameter during menu creation. The PoC includes HTTP request details and steps to reproduce the vulnerability.

Description

Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Rahad Chowdhury · textwebappsphp

https://www.exploit-db.com/exploits/51377

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in Bang Resto v1.0 by injecting malicious payloads into the 'itemName' parameter during menu creation. The PoC includes HTTP request details and steps to reproduce the vulnerability.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Bang Resto v1.0

Auth required

Prerequisites: Admin access to the Bang Resto application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/171899/Bang-Resto-1.0-Cross-Site-Scripting.html

Broken Link

https://github.com/mesinkasir/bangresto/issues/2

Scores

CVSS v3 4.8

EPSS 0.0193

EPSS Percentile 77.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

hockeycomputindo/bang_resto 1.0

Published Apr 24, 2023

Tracked Since Feb 18, 2026