CVE-2025-40724 MEDIUM

CVE-2025-40724: Stored Cross-Site Scripting (XSS) in Pharmacy POS PHP Script

Vendor Pharmacy Pos Php Script
Product Pharmacy POS PHP Script
Weakness CWE-79 · XSS
Published July 16, 2025
Last update July 16, 2025

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Passive
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01 Description

A stored cross-site scripting (XSS) vulnerability exists in Pharmacy POS PHP Script. It allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL that uses the u_medicine_name parameter in /edit_medicine.php. The vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

Key dates

02 Disclosure timeline

July 16, 2025 CVE published
July 16, 2025 Record updated