CVE-2026-1598 MEDIUM

CVE-2026-1598: Bdtask Bhojon All-In-One Restaurant Management System User Information profile cross site scripting

Vendor Bdtask
Product Bhojon All-In-One Restaurant Management System
Weakness CWE-79 · XSS
Published January 29, 2026
Last update February 23, 2026
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. Impacted is an unknown function of the file /dashboard/home/profile of the component User Information Module. Performing a manipulation of the argument fullname results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

January 29, 2026 CVE published
February 23, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-43344 WordPress Icegram Engage – Ultimate WP Popup Builder, Lead Generation, Optins, and CTA plugin <= 3.1.25 - Cross Site Scripting (XSS) vulnerability CVE-2025-3448 XSS on SDM CVE-2023-40680 WordPress Yoast SEO Plugin <= 21.0 is vulnerable to Cross Site Scripting (XSS) CVE-2024-5962 Reflected Cross-Site Scripting (XSS) in Authentication Endpoint of Multiple WSO2 Products Due to Missing Output Encoding CVE-2024-1257 Jspxcms find_text.do cross site scripting