← Volver a CVEs
CVE-2025-60503
HIGH8.7
Descripcion
A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated attacker to execute arbitrary JavaScript in the context of an administrator's browser session, which could lead to session hijacking or other malicious actions.
Detalles CVE
Puntuacion CVSS v3.18.7
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado11/3/2025
Ultima modificacion2/3/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
ultimatefosters:ultimatepos
Debilidades (CWE)
CWE-79
Referencias
https://github.com/H4zaz/CVE-2025-60503(cve@mitre.org)
https://ultimatefosters.com(cve@mitre.org)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.