CVE-2025-56276

Name of the Vulnerable Software and Affected Versions code-projects Food Ordering Review System version 1.0

Description The Food Ordering Review System is susceptible to a Cross Site Scripting (XSS) issue within the registration function. An attacker can inject malicious JavaScript code as a username. When an administrator views user information, this triggers the XSS, potentially leading to the disclosure of the administrator's cookie information.

Recommendations As a temporary workaround, consider sanitizing user input within the registration function to prevent the injection of malicious scripts. Restrict the characters allowed in the username field during registration to prevent the entry of JavaScript code. Implement appropriate output encoding when displaying user information to administrators to neutralize any potential XSS payloads.