CVE-2022-40290

CVE-2022-40290: Reflected cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.

Vendor Php Point Of Sale Llc

Product PHP Point of Sale

Weakness CWE-79 · XSS

Published October 31, 2022

Last update May 6, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users.

Key dates

02Disclosure timeline

October 31, 2022 CVE published

May 6, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-40290 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2022-40290: Reflected cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.

01Description

02Disclosure timeline

03References

04Related CVE