Phppointofsale

Php Point Of Sale

12 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.16%
  • Published 21.04.2026 15:15:31
  • Last modified 06.05.2026 20:34:36

HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specific_customer', ussi...

  • EPSS 0.5%
  • Published 31.10.2022 21:15:13
  • Last modified 06.05.2025 20:15:24

The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system.

  • EPSS 0.62%
  • Published 31.10.2022 21:15:13
  • Last modified 06.05.2025 20:15:24

The application was vulnerable to a session fixation that could be used to hijack accounts.

  • EPSS 0.75%
  • Published 31.10.2022 21:15:13
  • Last modified 06.05.2025 15:15:59

The application was identified to have a CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers.

  • EPSS 0.37%
  • Published 31.10.2022 21:15:13
  • Last modified 25.02.2026 16:21:42

The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.

  • EPSS 0.62%
  • Published 31.10.2022 21:15:13
  • Last modified 06.05.2025 20:15:25

The application was vulnerable to Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.

  • EPSS 0.62%
  • Published 31.10.2022 21:15:12
  • Last modified 06.05.2025 20:15:23

The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account.

  • EPSS 0.62%
  • Published 31.10.2022 21:15:12
  • Last modified 06.05.2025 20:15:23

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile.

  • EPSS 0.6%
  • Published 31.10.2022 21:15:12
  • Last modified 06.05.2025 20:15:23

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted fil...

  • EPSS 0.38%
  • Published 31.10.2022 21:15:12
  • Last modified 06.05.2025 20:15:24

The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users.