Php Point Of Sale

1 CVEs product

Monthly

CVE-2025-41011 MEDIUM This Month

HTML injection vulnerability in PHP Point of Sale v19.4 allows unauthenticated remote attackers to render arbitrary HTML in victims' browsers via the '/reports/generate/specific_customer' endpoint, affecting the 'start_date_formatted' and 'end_date_formatted' parameters. User interaction is required (victim must visit a crafted link), limiting impact to stored/reflected XSS scenarios. No public exploit code or active exploitation has been confirmed at the time of analysis.

XSS PHP Php Point Of Sale
NVD
CVSS 4.0: 5.1
EPSS: 0.0%
