Primary

Context

UltimatePOS Stored Cross-Site Scripting Vulnerability

Vulnerability

Patched

A stored cross-site scripting vulnerability has been identified in UltimatePOS by UltimateFosters, specifically in version 6.4. The issue arises from inadequate validation of user inputs on the product editing page, particularly the 'name' parameter submitted via POST. This vulnerability enables remote attackers to send specially crafted queries to authenticated users, potentially allowing them to steal session cookie details.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Remediation

Users can upgrade to UltimatePOS version 6.7 to address this vulnerability.

Added: Jul 31, 2025, 10:23 AM

Updated: Jul 31, 2025, 10:23 AM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.9

exploitability

4.6

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.9

exploitability

4.6

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

UltimatePOS Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

UltimatePOS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating