Vulmon
phppointofsale php point of sale 19.0 vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-40293
The application was vulnerable to a session fixation that could be used to hijack accounts.
Phppointofsale Php Point Of Sale 19.0
9.8
CVSSv3
CVE-2022-40296
The application was vulnerable to Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.
Phppointofsale Php Point Of Sale 19.0
9
CVSSv3
CVE-2022-40287
The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account.
Phppointofsale Php Point Of Sale 19.0
9
CVSSv3
CVE-2022-40288
The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile.
Phppointofsale Php Point Of Sale 19.0
9
CVSSv3
CVE-2022-40289
The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files.
Phppointofsale Php Point Of Sale 19.0
8.8
CVSSv3
CVE-2022-40291
The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing a malicious user to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts.
Phppointofsale Php Point Of Sale 19.0
8.8
CVSSv3
CVE-2022-40294
The application was identified to have a CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers.
Phppointofsale Php Point Of Sale 19.0
6.1
CVSSv3
CVE-2022-40290
The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing malicious users to generate an unsafe link that could compromise users.
Phppointofsale Php Point Of Sale 19.0
5.3
CVSSv3
CVE-2022-40292
The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system.
Phppointofsale Php Point Of Sale 19.0
4.9
CVSSv3
CVE-2022-40295
The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.
Phppointofsale Php Point Of Sale 19.0