← Volver a CVEs
CVE-2022-40288
CRITICAL9.0
Descripcion
The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile.
Detalles CVE
Puntuacion CVSS v3.19.0
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado10/31/2022
Ultima modificacion5/6/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
phppointofsale:php_point_of_sale
Debilidades (CWE)
CWE-79CWE-79
Referencias
https://www.themissinglink.com.au/security-advisories/cve-2022-40288(vdp@themissinglink.com.au)
https://www.themissinglink.com.au/security-advisories/cve-2022-40288(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.