2 matches found
CVE-2021-47908 Ultimate POS 4.4 Persistent Cross-Site Scripting via Product Name
Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability through product add or edit functions to execute arbitrary JavaScript and potentially hijack us...
Ultimate POS 4.4 - 'name' Cross-Site Scripting (XSS)
Exploit Title: Ultimate POS 4.4 - 'name' Cross-Site Scripting XSS Date: 2021-10-26 Exploit Author: Vulnerability Lab Vendor Homepage: https://ultimatefosters.com/docs/ultimatepos/ Version: 4.4 Document Title: =============== Ultimate POS v4.4 - Products Persistent XSS Vulnerability References...