CVE-2022-40287
Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via user profile data fields.
The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Productos afectados
PHP Point of Sale LLC · PHP Point of Sale¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →