CVE-2022-40288

CVE-2022-40288: Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via messaging functionality

Vendor Php Point Of Sale Llc

Product PHP Point of Sale

Weakness CWE-79 · XSS

Published October 31, 2022

Last update May 6, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile.

Key dates

02Disclosure timeline

October 31, 2022 CVE published

May 6, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-40288

Related vulnerabilities

04Related CVE

CVE-2025-0805 Mortgage Calculator / Loan Calculator <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-36207 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2022-37412 WordPress Better Delete Revision plugin <= 1.6.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability CVE-2026-23891 Decidim has a Cross-site scripting (XSS) vulnerability via user name field CVE-2026-34932 hoppscotch: Stored XSS via mock server responses on backend origin