A cross-site scripting vulnerability exists in Online Food Ordering System, an online food ordering system. The vulnerability is caused by a lack of effective filtering and escaping of user-supplied data in the redirect parameter of the login.php page, which can be exploited by attackers to cause cross-site scripting attacks.