CVE-2024-24134

MEDIUM

Sourcecodester Online Food Menu 1.0 - Stored Cross-Site Scripting via Menu Name and Description Fields

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-24134. PoCs published by BurakSevben.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2024-24134, an XSS vulnerability in the 'Online Food Menu' application. It includes payload examples, step-by-step exploitation instructions, and visual proof of the vulnerability in action.

Description

Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section.

Exploits (1)

nomisec WRITEUP
by BurakSevben · poc
https://github.com/BurakSevben/CVE-2024-24134

Classification: Writeup 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Online Food Menu 1.0
Auth required
Prerequisites: Access to the admin panel at /food-menu/admin.php · Valid authentication credentials
MITRE ATT&CK
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3: 4.8
EPSS: 0.0072
EPSS Percentile: 49.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1): remyandrade/online_food_menu 1.0
Published: Jan 29, 2024
Tracked Since: Feb 18, 2026