Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.7
CVE-2025-60503
- EPSS 0.04%
- Veröffentlicht 03.11.2025 00:00:00
- Zuletzt bearbeitet 04.11.2025 15:41:31
A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'referenc...
5.1
CVE-2025-40980
- EPSS 0.32%
- Veröffentlicht 31.07.2025 09:46:07
- Zuletzt bearbeitet 31.07.2025 18:42:37
A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack of proper validation of user inputs via ‘/products/<PRODUCT_ID>/edit’, affecting to ‘name’ parameter via POST. The vul...
8.8
CVE-2018-17139
- EPSS 4.25%
- Veröffentlicht 17.09.2018 06:29:00
- Zuletzt bearbeitet 21.11.2024 03:53:56
UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type.
1