CVE-2025-60503
HIGH 8.7
Description
A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated attacker to execute arbitrary JavaScript in the context of an administrator's browser session, which could lead to session hijacking or other malicious actions.
CVE Details
CVSS v3.1 Score: 8.7
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Published: 11/3/2025
Last Modified: 2/3/2026
Source: nvd
Honeypot Observations: 0
Affected Products
ultimatefosters:ultimatepos
Weaknesses (CWE)
CWE-79
References
https://github.com/H4zaz/CVE-2025-60503 (cve@mitre.org)
https://ultimatefosters.com (cve@mitre.org)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.