| Title | code-projects Simple Food Ordering System 1.0 Improper Neutralization of Alternate XSS Syntax |
|---|---|
| Description | This code segment is vulnerable to stored Cross-Site Scripting (XSS) attacks because it outputs database content directly into the HTML page without proper escaping. An attacker can inject malicious JavaScript code into fields such as product name or category name. When a user visits the order page, the injected script will execute in their browser.<br>Theft of user cookies or session tokens, leading to account hijacking.<br>Execution of unauthorized actions on behalf of the user (such as placing orders or changing account details).<br>Display of fake content or phishing forms to trick users into revealing sensitive information.<br>Potential spread of malware if malicious scripts are injected. |
| Source | https://github.com/asd1238525/cve/blob/main/xss3.md |
| User | yunlin (UID 79129) |
| Submission | 09/17/2025 09:06 (7 months ago) |
| Moderation | 09/21/2025 21:44 (5 days later) |
| Status | Accepted |
| VulDB entry | 325194 [code-projects Simple Food Ordering System 1.0 /ordersimple/order.php ID cross site scripting] |
| Points | 20 |