Headline
CVE-2022-40290: Reflected cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.
The application was vulnerable to unauthenticated Reflected Cross-Site Scripting (XSS) in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users.
Discovered by Edward Prior on behalf of The Missing Link Security
Vulnerability Details
The application was found to be vulnerable to unauthenticated Reflected Cross-Site Scripting (XSS) in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users who click on it.
Affected Versions
Discovered in: 19.0
Fixed Versions
Fixed In: 19.0 minor release