CVE-2026-30527
Last modified
CVE-2026-30527 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or updating a category. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or updating a category. When an administrator or user visits the Category list page (or any page where this category is rendered), the injected JavaScript executes immediately in their browser.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Oretnom23 | Online Food Ordering System | 1.0 |
References
- https://github.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-System/Stored-XSS-Category-Name.mdExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2026-30527?
How severe is CVE-2026-30527?
How do I fix CVE-2026-30527?
Are you affected by CVE-2026-30527?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST