ddd

July 31, 2025 invoker category_cve

CVE Details

Basic Information

Title ddd
Type cve
Published 2025-07-31T09:46:07.541Z
Modified 2025-07-31T09:46:07.541Z

Product Information

Vendor UltimateFosters
Product UltimatePOS
Version 6.4;

CVSS Information

Base Score 5.1 (MEDIUM)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected Products

  • UltimateFosters UltimatePOS 6.4;

Additional Information

CWE List CWE-79
Source INCIBE

Description

A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack of proper validation of user inputs via β€˜/products//edit’, affecting to β€˜name’ parameter via POST. The vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her session cookies details.

πŸ’­ Join the Security Discussion

πŸ”’ Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.