Lucene search

K
cvelistTMLCVELIST:CVE-2022-40287
HistoryOct 31, 2022 - 8:08 p.m.

CVE-2022-40287 Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via user profile data fields.

2022-10-3120:08:11
CWE-79
TML
www.cve.org
cve-2022-40287
stored cross-site scripting
php point of sale
privilege escalation

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

42.8%

The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality,Β leading to privilege escalation or a compromise of a targeted account.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PHP Point of Sale",
    "vendor": "PHP Point of Sale LLC",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ]
  }
]

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

42.8%

Related for CVELIST:CVE-2022-40287