CVE-2025-40980 | UltimateFosters UltimatePOS 6.4; Query /products//edit Name cross site scripting

Inserito da Angelo Barbosa | Lug 31, 2025 | CVE

A vulnerability, which was classified as problematic, was found in UltimateFosters UltimatePOS 6.4;. This affects an unknown part of the file /products//edit of the component Query Handler. The manipulation of the argument Name leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2025-40980. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2025-40980 | UltimateFosters UltimatePOS 6.4; Query /products//edit Name cross site scripting

Post correlati

CVE-2025-0194 | GitLab Community Edition/Enterprise Edition up to 17.5.0/17.6.0/17.7.0 API Request file information disclosure (Issue 489459)

Checkmk UI denial of service

CVE-2024-29897 | miraheze CreateWiki REST API Special:RequestWikiQueue information disclosure

CVE-2025-20646 | MediaTek MT6890/MT7915/MT7916/MT7981/MT7986 WLAN AP FW out-of-bounds write (MSV-1803)