CVE-2022-40287

CVE-2022-40287: Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via user profile data fields.

Vendor Php Point Of Sale Llc

Product PHP Point of Sale

Weakness CWE-79 · XSS

Published October 31, 2022

Last update May 6, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account.

Key dates

02Disclosure timeline

October 31, 2022 CVE published

May 6, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-40287 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2022-39270 Arbitrary HTML injection in table-of-contents theme component in DiscoTOC CVE-2024-3931 Totara LMS User Selector check.php cross site scripting CVE-2022-29183 Reflected XSS in GoCD CVE-2025-12964 Magical Products Display <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget CVE-2024-4193 Testimonial Slider <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting