CVE-2026-13499

yashpokharna2555 restaurent-management-system Registration login_register.php cross site scripting

Assigner: VulDB
Reserved: 27.06.2026 Published: 28.06.2026 Updated: 28.06.2026

A security flaw has been discovered in yashpokharna2555 restaurent-management-system. This impacts an unknown function of the file login_register.php of the component Registration Handler. Performing a manipulation of the argument Username results in cross site scripting. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
CVSS Score: 5.3

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	None	Confidentiality	None
Attack Complexity	Low	Integrity	Low	Integrity	None
Attack Requirements	None	Availability	None	Availability	None
Privileges Required	None
User Interaction	Passive

CVSS 4.0

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
CVSS Score: 4.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	Low
User Interaction	Required	Availability Impact	None

CVSS 3.1

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
CVSS Score: 4.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	Low
User Interaction	Required	Availability Impact	None

CVSS 3.0

CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR
CVSS Score: 5

Access Vector	Network	Confidentiality Impact	None
Access Complexity	Low	Integrity Impact	Partial
Authentication	None	Availability Impact	None

CVSS 2.0

Product Status

Vendor	yashpokharna2555
Product	restaurent-management-system
Versions	Version 5f3eca87cb681366866a78038af17891c4c86612 is affected Version 6d1cc94c9007e2373d30d9c940824a5d2f50d9b6 is affected Version b7124069da225d5be3f430eb4d8e23d294f7a14f is affected

Vendor

yashpokharna2555

Product

restaurent-management-system

Versions

Version 5f3eca87cb681366866a78038af17891c4c86612 is affected
Version 6d1cc94c9007e2373d30d9c940824a5d2f50d9b6 is affected
Version b7124069da225d5be3f430eb4d8e23d294f7a14f is affected

Credits

wr0ld (VulDB User) reporter
VulDB CNA Team coordinator

References

Problem Types