CodeAstro Food Ordering System Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in CodeAstro Food Ordering System version 1.0. The issue arises in the POST request parameter handler of the file '/admin/store/edit/', where the 'Restaurant Name/Address' argument can be manipulated to inject malicious scripts. This injected JavaScript is persistently stored in the database and executed when the profile page is accessed. The vulnerability can be exploited remotely and requires user interaction.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the profile page.

Reproduction

To reproduce this vulnerability, navigate to the '/admin/store/edit/' section of the application. Inject a script into the 'Restaurant Name/Address' POST parameter. Once submitted, the injected script will be executed whenever the profile page is viewed.