← Zuruck zu CVEs
CVE-2025-60503
HIGH8.7
Beschreibung
A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated attacker to execute arbitrary JavaScript in the context of an administrator's browser session, which could lead to session hijacking or other malicious actions.
CVE Details
CVSS v3.1 Bewertung8.7
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionREQUIRED
Veroffentlicht11/3/2025
Zuletzt geandert2/3/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
ultimatefosters:ultimatepos
Schwachen (CWE)
CWE-79
Referenzen
https://github.com/H4zaz/CVE-2025-60503(cve@mitre.org)
https://ultimatefosters.com(cve@mitre.org)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.