CVE-2022-40287 Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via user profile data fields.

2022-10-3120:08:11

CWE-79

TML

www.cve.org

cve-2022-40287

stored cross-site scripting

php point of sale

privilege escalation

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PHP Point of Sale",
    "vendor": "PHP Point of Sale LLC",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ]
  }
]

References

www.themissinglink.com.au/security-advisories/cve-2022-40287