CVE-2026-30527

Stored XSS in Category Management of Online Food Ordering System

Description

A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or updating a category. When an administrator or user visits the Category list page (or any page where this category is rendered), the injected JavaScript executes immediately in their browser.

INFO

Published Date :

2026-03-27T00:00:00.000Z

Last Modified :

2026-04-06T13:49:46.219Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2026-30527 vulnerability.

Vendors	Products
Oretnom23	Online Food Ordering System
Sourcecodester	Online Food Ordering System

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-30527.

URL	Resource
https://github.com/meifukun/Web-Security-PoCs/blob/main/Online-Food-Ordering-System/Stored-XSS-Category-Name.md

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact