| Title | PHPJABBERS Restaurant Menu Maker V1.1 Cross Site Scripting |
|---|
| Description | During the security assessment of "Restaurant Menu Maker Project", I detected a critical Cross-Site Scripting vulnerability in the "preview.php" file. The vulnerability occurs when user-controlled input from the "theme" parameter is reflected in the web page without proper output encoding. This allows attackers to craft malicious URLs containing JavaScript payloads that will be executed when victims visit the compromised page. |
|---|
| Source | ⚠️ https://github.com/485961590/CVE/issues/1 |
|---|
| User | nyxswl (UID 90273) |
|---|
| Submission | 09/16/2025 11:04 (7 months ago) |
|---|
| Moderation | 09/21/2025 18:14 (5 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 325184 [PHPJabbers Restaurant Menu Maker up to 1.1 /preview.php theme cross site scripting] |
|---|
| Points | 20 |
|---|