2 matches found
CVE-2022-40289 Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via file upload and download functionality.
The application was vulnerable to an authenticated Stored Cross-Site Scripting XSS in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files...
CVE-2022-40289
PHP Point of Sale (version 19.0) is affected by an authenticated Stored Cross-Site Scripting (XSS) in the upload/download functionality. The underlying issue allows an attacker to escalate privileges or compromise accounts of users who observe the targeted files. The reports consistently describe...