The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files.
CPE | Name | Operator | Version |
---|---|---|---|
php_point_of_sale | eq | 19.0 |