5 matches found
Remote Code Execution (RCE)
Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) via insufficient sanitization of user inputs to reference, path, and branch parameters when handling git resources in GitJobExecutor. An attacker can inject commands, exposing credentials, removing files, or...
CVE-2025-60503
A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated...
CVE-2025-60503
A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated...
PT-2025-44782
Name of the Vulnerable Software and Affected Versions: ultimatefosters UltimatePOS version 4.8. Description: A cross-site scripting (XSS) flaw exists in the administrative interface of the software. Input provided in the purchase functionality is reflected without proper sanitization in the admin log...
Ultimate Fosters UltimatePOS Security Vulnerability
Ultimate Fosters UltimatePOS is a product management and POS cashiering system from Ultimate Fosters. A security vulnerability exists in Ultimate Fosters UltimatePOS version 4.8, which stems from input submitted by the purchase function in the administration interface not being properly escaped ...