CVE-2024-57326

Name of the Vulnerable Software and Affected Versions Online Pizza Delivery System version 1.0

Description A Reflected Cross-Site Scripting (XSS) issue exists in the search.php file, allowing an attacker to execute arbitrary JavaScript code in the browser via unsanitized input passed through the search parameter. This occurs because the input is not properly sanitized, enabling the execution of malicious scripts.

Recommendations For Online Pizza Delivery System version 1.0, consider disabling the search function in the search.php file until a patch is available to prevent exploitation. Restrict access to the search parameter to minimize the risk of arbitrary JavaScript code execution. Avoid using the search parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.