CVE-2022-40289

Published: Oct 31, 2022Modified: May 6, 2025

9.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Exploitability: 2.3 / Impact: 6.0

Source: NVD

Description

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files.

Affected (1)

Products: Phppointofsale: Php Point Of Sale

1 product

Php Point Of Sale

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phppointofsale Php Point Of Sale	Version 19.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://www.themissinglink.com.au/security-advisories/cve-2022-40289

Source: vdp@themissinglink.com.au

Vendor Advisory

https://www.themissinglink.com.au/security-advisories/cve-2022-40289

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.