Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via messaging functionality
CVE-2022-40288

9CRITICAL

Key Information:

Vendor: PHP Point Of Sale Llc
Status: PHP Point Of Sale
Vendor: CVE Published:; 31 October 2022

🔔 Create PHP Point Of Sale Llc Vulnerability Alert

What is CVE-2022-40288?

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile.

Affected Version(s)

PHP Point of Sale 0

References

https://www.themissinglink.com.au/security-advisories/cve...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2022
Vulnerability Reserved
Sep 8, 2022

CVE-2022-40288 Data

JSON