CVE-2022-40289

CVE-2022-40289: Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via file upload and download functionality.

Vendor Php Point Of Sale Llc

Product PHP Point of Sale

Weakness CWE-79 · XSS

Published October 31, 2022

Last update May 6, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files.

Key dates

02Disclosure timeline

October 31, 2022 CVE published

May 6, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-40289 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2022-40289: Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via file upload and download functionality.

01Description

02Disclosure timeline

03References

04Related CVE