Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via file upload and download functionality.
CVE-2022-40289

9CRITICAL

Key Information:

Vendor: PHP Point Of Sale Llc
Status: PHP Point Of Sale
Vendor: CVE Published:; 31 October 2022

🔔 Create PHP Point Of Sale Llc Vulnerability Alert

What is CVE-2022-40289?

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files.

Affected Version(s)

PHP Point of Sale 0

References

https://www.themissinglink.com.au/security-advisories/cve...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 31, 2022
Vulnerability Reserved
Sep 8, 2022

CVE-2022-40289 Data

JSON