Stored XSS Vulnerability in LionCoders SalePro POS Affects Customer Management Module
CVE-2025-56382

6.1MEDIUM

Key Information:

Vendor: LionCoders
Status: SalePro POS
Vendor: CVE Published:; 6 October 2025

What is CVE-2025-56382?

A stored Cross-site scripting vulnerability is present in the Customer Management Module of LionCoders SalePro POS version 5.4.8. This flaw allows an authenticated attacker to inject arbitrary web scripts or HTML through the 'Customer Name' parameter while creating or editing customer profiles. The lack of proper sanitization of input data enables these malicious scripts to be stored and executed in the browsers of users who later view the affected customer details, potentially compromising user security and leading to unauthorized actions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://preview.codecanyon.net/item/lims-stock-manager-pr...

https://github.com/Auspicious-Rook/Vulnerability-Research...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 6, 2025
Vulnerability Reserved
Aug 16, 2025

JSON

LionCoders

What is CVE-2025-56382?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.