27 matches found
📄 UltimatePOS 4.8 Cross Site Scripting
The administrative panel in UltimatePOS version 4.8 suffers from a persistent cross site scripting vulnerability. CVE-2025-60503 — Stored Cross-Site Scripting XSS in UltimatePOS UltimateFosters v4.8 Publication date: 2025-10-30 CVE ID: CVE-2025-60503 RESERVED Researcher: Vivien Lebas Vendor:...
CVE-2025-40980
A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack of proper validation of user inputs via ‘/products//edit’, affecting to ‘name’ parameter via POST. The vulnerability could allow a remote attacker to send a speciall...
EUVD-2025-37504
A cross-site scripting XSS vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated...
CVE-2025-60503
A cross-site scripting XSS vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated...
CVE-2025-60503
A cross-site scripting XSS vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated...
CVE-2025-60503
A cross-site scripting XSS vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated...
CVE-2025-60503
A cross-site scripting XSS vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated...
PT-2025-44782
Name of the Vulnerable Software and Affected Versions ultimatefosters UltimatePOS version 4.8 Description A cross-site scripting XSS flaw exists in the administrative interface of the software. Input provided in the purchase functionality is reflected without proper sanitization in the admin log...
CVE-2025-60503
A cross-site scripting (XSS) vulnerability exists in UltimatePOS 4.8 (admin purchases). User input in the Purchases > reference No. field is reflected in the Admin Log panel without proper escaping, enabling an authenticated attacker to execute JavaScript in an admin session (potential session...
Exploit for CVE-2025-60503
CVE-2025-60503 — Stored Cross-Site Scripting XSS in Ultimate...
EUVD-2018-8917
Malware in sbrugna...
EUVD-2025-23260
Malicious code in bioql PyPI...
CVE-2025-40980
A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack of proper validation of user inputs via ‘/products//edit’, affecting to ‘name’ parameter via POST. The vulnerability could allow a remote attacker to send a speciall...
CVE-2025-40980 ddd
A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack of proper validation of user inputs via ‘/products//edit’, affecting to ‘name’ parameter via POST. The vulnerability could allow a remote attacker to send a speciall...
CVE-2025-40980
Summary: CVE-2025-40980 is a Stored XSS in UltimatePOS by UltimateFosters. An unsanitized value in the name field of POST requests to /products//edit can be reflected in pages (e.g., Reports/Activity Log), enabling an authenticated attacker to execute arbitrary JavaScript in an admin/user browser...
CVE-2025-40980 ddd
A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack of proper validation of user inputs via ‘/products//edit’, affecting to ‘name’ parameter via POST. The vulnerability could allow a remote attacker to send a speciall...
PT-2025-31500 · Unknown · Ultimatepos
Name of the Vulnerable Software and Affected Versions: UltimatePOS affected versions not specified Description: A Stored Cross Site Scripting vulnerability exists in UltimatePOS due to inadequate validation of user inputs. The vulnerability affects the name parameter via a POST request to the...
UltimatePOS Arbitrary File Upload Vulnerability
UltimatePOS is a sales management system. The system supports inventory management, sales management and invoice management. An arbitrary file upload vulnerability exists in UltimatePOS version 2.5, which can be exploited to upload arbitrary files and execute commands by sending a POST request to...
CVE-2018-17139
UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type...
Command injection
UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type...