2 matches found
CVE-2025-57204
Stocky POS with Inventory Management & HRM ui-lib version 5.0 is affected by a Stored Cross-Site Scripting XSS vulnerability within the Products module available to authenticated users. The vulnerability resides in the product name parameter submitted to the product-creation endpoint via a standa...
CVE-2025-57205
Inilabs School Express (SMS Express) 6.2 is affected by a Stored XSS in content-management editors (POST /posts/edit/{id} and similar for Notices/Pages). The root cause is insufficient input sanitization and output encoding for editor parameters; payloads are saved and later rendered unsanitized,...