DATE CVE VULNERABILITY TITLE RISK
2022-10-31 CVE-2022-40296 Server-Side Request Forgery (SSRF) vulnerability in PHPpointofsale PHP Point of Sale 19.0
The application was vulnerable to Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.
network | low complexity | phppointofsale | CWE-918 | critical 9.8
2022-10-31 CVE-2022-40293 Session Fixation vulnerability in PHPpointofsale PHP Point of Sale 19.0
The application was vulnerable to a session fixation that could be used to hijack accounts.
network | low complexity | phppointofsale | CWE-384 | critical 9.8
2022-10-31 CVE-2022-40289 Cross-site Scripting vulnerability in PHPpointofsale PHP Point of Sale 19.0
The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files.
network | low complexity | phppointofsale | CWE-79 | critical 9.0
2022-10-31 CVE-2022-40288 Cross-site Scripting vulnerability in PHPpointofsale PHP Point of Sale 19.0
The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile.
network | low complexity | phppointofsale | CWE-79 | critical 9.0
2022-10-31 CVE-2022-40287 Cross-site Scripting vulnerability in PHPpointofsale PHP Point of Sale 19.0
The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account.
network | low complexity | phppointofsale | CWE-79 | critical 9.0