CVE 8.7 HIGH

CVE-2025-60503_CVE-2025-60503

November 3, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Description

A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated attacker to execute arbitrary JavaScript in the context of an administrator's browser session, which could lead to session hijacking or other malicious actions.

AI Analysis

Cross-site scripting (XSS) vulnerability in UltimatePOS administrative interface

Basic Information

ID CVE-2025-60503

Source mitre

Published Nov 3, 2025 at 00:00

Modified Nov 3, 2025 at 16:35

Affected Product

Vendor ultimatefosters

Product UltimatePOS

Version 4.8

Affected Versions n/a n/a n/a

CWE Classification

CWE-79

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor ultimatefosters

Product UltimatePOS

Version 4.8

References

{
    "lastseen": "",
    "description": "A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated attacker to execute arbitrary JavaScript in the context of an administrator's browser session, which could lead to session hijacking or other malicious actions.",
    "published": "2025-11-03T00:00:00.000Z",
    "modified": "2025-11-03T16:35:11.605Z",
    "type": "cve",
    "title": "CVE-2025-60503",
    "source": "mitre",
    "references": "https://ultimatefosters.com\nhttps://github.com/H4zaz/CVE-2025-60503",
    "id": "CVE-2025-60503",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "UltimatePOS",
    "version": "4.8",
    "vendor": "ultimatefosters",
    "ai_description": "Cross-site scripting (XSS) vulnerability in UltimatePOS administrative interface",
    "ai_severity": "High",
    "ai_vendor": "ultimatefosters",
    "ai_product": "UltimatePOS",
    "ai_version": "4.8",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply