Phppointofsale

phppointofsale

12 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Php Point Of Sale

php_point_of_sale

CVEs (12)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-41011 1Phppointofsale 1Php Point Of Sale May 6, 2026 Apr 21, 2026 5.1 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/gen...Show more HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specific_customer', ussing 'start_date_formatted' y 'end_date_formatted' parameters.Show less
CVE-2022-40296 1Phppointofsale 1Php Point Of Sale May 6, 2025 Oct 31, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other...Show more The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems. Show less
CVE-2022-40295 1Phppointofsale 1Php Point Of Sale Feb 25, 2026 Oct 31, 2022 N/A· v4 4.9 MEDIUM· v3 N/A· v2 The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.
CVE-2022-40294 1Phppointofsale 1Php Point Of Sale May 6, 2025 Oct 31, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers.
CVE-2022-40293 1Phppointofsale 1Php Point Of Sale May 6, 2025 Oct 31, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The application was vulnerable to a session fixation that could be used hijack accounts.
CVE-2022-40292 1Phppointofsale 1Php Point Of Sale May 6, 2025 Oct 31, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system.
CVE-2022-40291 1Phppointofsale 1Php Point Of Sale May 6, 2025 Oct 31, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack the...Show more The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts. Show less
CVE-2022-40290 1Phppointofsale 1Php Point Of Sale May 6, 2025 Oct 31, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users....Show more The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users. Show less
CVE-2022-40289 1Phppointofsale 1Php Point Of Sale May 6, 2025 Oct 31, 2022 N/A· v4 9.0 CRITICAL· v3 N/A· v2 The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce i...Show more The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files. Show less
CVE-2022-40288 1Phppointofsale 1Php Point Of Sale May 6, 2025 Oct 31, 2022 N/A· v4 9.0 CRITICAL· v3 N/A· v2 The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their us...Show more The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile. Show less
CVE-2022-40287 1Phppointofsale 1Php Point Of Sale May 6, 2025 Oct 31, 2022 N/A· v4 9.0 CRITICAL· v3 N/A· v2 The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account.
CVE-2011-3785 1Phppointofsale 1Php Point Of Sale Apr 29, 2026 Sep 24, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/vie...Show more PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by system/scaffolding/views/view.php and certain other files.Show less