4 matches found
CVE-2019-3960
CVE-2019-3960 affects WallacePOS 1.4.3. Affected component: web-based WallacePOS uploads allowing unrestricted file upload of dangerous types. Root cause per sources: remote, authenticated attacker can upload a malicious PHP file and execute arbitrary code. Impact per documents: arbitrary code ex...
CVE-2019-3958
The CVE-2019-3958 entry corresponds to WallacePOS 1.4.3 and describes insufficient output sanitization that enables a remote, authenticated attacker to perform persistent cross-site scripting (XSS) via a crafted sales transaction. The vulnerability is documented across multiple feeds (NVD, Red Ha...
CVE-2019-3959
CVE-2019-3959 affects WallacePOS 1.4.3 via Cross-Site Request Forgery. A remote attacker can trigger sensitive actions by convincing a logged-in user to visit a crafted link. Root causes cited include inadequate verification of request origin in the web application. CVSS data in the record indica...
CVE-2017-7388
CVE-2017-7388 affects wallacepos v1.4.1. The issue is a Cross-Site Scripting (XSS) vulnerability caused by insufficient filtering of user-supplied data (token) passed to wallacepos-master/myaccount/resetpassword.php. An attacker could execute arbitrary HTML/script in a browser context of the vuln...