Code-Projects Food Ordering Review System Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Code-Projects Food Ordering Review System version 1.0. The issue arises in the registration function, where an attacker can input malicious JavaScript into the username field. This script is executed when the admin reviews user information, leading to the exposure of the admin's cookie data.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject and execute malicious scripts in the context of the user's browser session.

Reproduction

To reproduce this vulnerability, register a new user by entering '<script>alert(document.cookie)</script>' in both the surname and first name fields. After successful registration, the injected script will execute when the admin views the user information, causing an alert with the admin's cookie details to appear.