PT-2026-5310 · Unknown · Bhojon All-In-One Restaurant Management System
4M3Rr0R · Published 2026-01-29 · Updated 2026-02-19 · CVE-2026-1598
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Bdtask Bhojon All-In-One Restaurant Management System versions prior to 20260117
Description
A flaw exists in the User Information Module of Bdtask Bhojon All-In-One Restaurant Management System. Manipulating the fullname argument in the file '/dashboard/home/profile' can lead to cross-site scripting. This issue is remotely exploitable. The details of the exploit have been publicly disclosed.
Recommendations
Versions prior to 20260117 should be updated. As a temporary workaround, consider restricting or carefully validating the fullname argument to prevent malicious input.
Exploit
Fix
XSS
Code Injection
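One way to apply the temporary workaround from the recommendations above, as an added example that is not part of the advisory or the vendor's fix: an allow-list check for a fullname value combined with HTML encoding at output time. It is written in Python as a language-neutral sketch; the function names, the 100-character limit and the sample inputs are assumptions.

```python
import html
import unicodedata

MAX_LEN = 100                   # assumed limit, not taken from the product
ALLOWED_PUNCT = set(" .'-")     # punctuation that legitimately occurs in names


def validate_fullname(raw):
    """Return the normalized name, or raise ValueError if it is not acceptable."""
    if not isinstance(raw, str):
        raise ValueError("fullname must be a string")
    name = unicodedata.normalize("NFC", raw).strip()
    if not name or len(name) > MAX_LEN:
        raise ValueError("fullname length out of range")
    for ch in name:
        cat = unicodedata.category(ch)
        # Letters (L*) and combining marks (M*) keep non-Latin names valid.
        if cat[0] in ("L", "M") or ch in ALLOWED_PUNCT:
            continue
        raise ValueError(f"character not allowed in fullname: {ch!r}")
    return name


def render_fullname(name):
    """HTML-encode when the value is written into a page.

    Validation narrows the input, but encoding at output is what stops a
    stored value from being parsed as markup.
    """
    return html.escape(name, quote=True)


# Constructed sample inputs (not taken from the advisory).
SAMPLES = [
    "Anne-Marie O'Brien",
    "Jos\u00e9 \u00d1and\u00fa",
    "Bob <img src=x>",
    'Eve" data-x="1',
]


def check_samples():
    """Map each sample to its encoded form, or None when validation rejects it."""
    results = {}
    for s in SAMPLES:
        try:
            results[s] = render_fullname(validate_fullname(s))
        except ValueError:
            results[s] = None
    return results


if __name__ == "__main__":
    for raw, out in check_samples().items():
        print(repr(raw), "->", "rejected" if out is None else out)
```

The apostrophe case shows why both steps are needed: a valid name can still contain a character that must be encoded before it is placed in an HTML attribute.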
Related Identifiers
Affected Products
Bhojon All-In-One Restaurant Management System