Description

A security flaw has been discovered in yashpokharna2555 restaurent-management-system. This impacts an unknown function of the file login_register.php of the component Registration Handler. Performing a manipulation of the argument Username results in cross site scripting. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.

Severity (CVSS)

Base score5.3
SeverityMedium
VersionCVSS 4.0
VectorCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
Provided byCNA

Weaknesses

  • CWE-79 — Cross Site Scripting
  • CWE-94 — Code Injection

Affected products

VendorProductVersions
yashpokharna2555restaurent-management-system5f3eca87cb681366866a78038af17891c4c86612; 6d1cc94c9007e2373d30d9c940824a5d2f50d9b6; b7124069da225d5be3f430eb4d8e23d294f7a14f

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 29 Jun 2026 07:08 UTC.