CVE-2022-40288 Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via messaging functionality

2022-10-3120:05:35

CWE-79

TML

www.cve.org

cve-2022-40288

stored cross-site scripting

php point of sale

AI Score

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PHP Point of Sale",
    "vendor": "PHP Point of Sale LLC",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ]
  }
]

References

www.themissinglink.com.au/security-advisories/cve-2022-40288