CVE-2022-40288
CRITICAL 9.0
Description
The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile.
CVE Details
CVSS v3.1 Score: 9.0
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Published: 10/31/2022
Last Modified: 5/6/2025
Source: nvd
Honeypot Sightings: 0
Affected Products
phppointofsale:php_point_of_sale
Weaknesses (CWE)
CWE-79
References
https://www.themissinglink.com.au/security-advisories/cve-2022-40288 (vdp@themissinglink.com.au)
https://www.themissinglink.com.au/security-advisories/cve-2022-40288 (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.