DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-31 | CVE-2022-40290 | Cross-site Scripting vulnerability in PHPpointofsale PHP Point of Sale 19.0. The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users. | 6.1 |
2022-10-31 | CVE-2022-40292 | Information Exposure Through an Error Message vulnerability in PHPpointofsale PHP Point of Sale 19.0. The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system. | 5.3 |
2022-10-31 | CVE-2022-40295 | Missing Encryption of Sensitive Data vulnerability in PHPpointofsale PHP Point of Sale 19.0. The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks. | 4.9 |