Lucene search
+L
WallaceitWallacepos

4 matches found

CVE
CVE
added 2019/07/31 5:20 p.m.83 views

CVE-2019-3960

CVE-2019-3960 affects WallacePOS 1.4.3. Affected component: web-based WallacePOS uploads allowing unrestricted file upload of dangerous types. Root cause per sources: remote, authenticated attacker can upload a malicious PHP file and execute arbitrary code. Impact per documents: arbitrary code ex...

7.2CVSS7.2AI score0.03019EPSS
CVE
CVE
added 2019/07/31 5:26 p.m.81 views

CVE-2019-3958

The CVE-2019-3958 entry corresponds to WallacePOS 1.4.3 and describes insufficient output sanitization that enables a remote, authenticated attacker to perform persistent cross-site scripting (XSS) via a crafted sales transaction. The vulnerability is documented across multiple feeds (NVD, Red Ha...

5.4CVSS5AI score0.00855EPSS
CVE
CVE
added 2019/07/31 5:22 p.m.73 views

CVE-2019-3959

CVE-2019-3959 affects WallacePOS 1.4.3 via Cross-Site Request Forgery. A remote attacker can trigger sensitive actions by convincing a logged-in user to visit a crafted link. Root causes cited include inadequate verification of request origin in the web application. CVSS data in the record indica...

8.8CVSS8.5AI score0.00832EPSS
CVE
CVE
added 2017/04/01 1:7 a.m.43 views

CVE-2017-7388

CVE-2017-7388 affects wallacepos v1.4.1. The issue is a Cross-Site Scripting (XSS) vulnerability caused by insufficient filtering of user-supplied data (token) passed to wallacepos-master/myaccount/resetpassword.php. An attacker could execute arbitrary HTML/script in a browser context of the vuln...

6.1CVSS5.8AI score0.00838EPSS
Web