CVE-2024-0423 LOW

CVE-2024-0423: CodeAstro Online Food Ordering System dishes.php cross site scripting

Vendor Codeastro
Product Online Food Ordering System
Weakness CWE-79 · XSS
Published January 11, 2024
Last update May 14, 2025
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file dishes.php. The manipulation of the argument res_id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250442 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

January 11, 2024 CVE published
May 14, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-51762 WordPress PropertyShift plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2021-26256 WordPress Survey Maker plugin <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability CVE-2024-56019 WordPress Inline Footnotes Plugin <= 2.3.0 - Cross Site Scripting (XSS) vulnerability CVE-2021-47699 Nagios XI < 5.8.7 XSS in Audit Log via Send to NLS Form CVE-2022-47140 WordPress ARMember Plugin <= 4.0.1 is vulnerable to Cross Site Scripting (XSS)