What the vulnerability does
01 Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md Abunaser Khan Advance Food Menu advance-food-menu allows Stored XSS. This issue affects Advance Food Menu: from n/a through <= 1.0.
Explanation of Vulnerability in Simple Terms
02 Summary
Advance Food Menu versions 1.0 and earlier contain a cross-site scripting (XSS) vulnerability that allows high-privilege users to inject malicious scripts. An attacker with administrative access can craft a request that injects JavaScript into the application, which executes in other users' browsers when they interact with affected pages. The vulnerability requires user interaction to trigger.
What an attacker can do
03 Attacker Capabilities
Inject JavaScript that runs in other users' browsers to steal session tokens, redirect users, or modify page content.
Potential impact on your site
04 Site Impact
An administrator account compromise could allow malicious script injection affecting all site visitors, potentially leading to credential theft or unauthorized actions.
Conditions required to exploit
05 Prerequisites
Attacker must have high-privilege (admin-level) access and the victim must visit a page containing the injected payload.
Key dates
06 Disclosure timeline
August 28, 2025: CVE published
April 28, 2026: Record updated