PHP Point of Sale HTML Injection Vulnerability

Vulnerability

An HTML injection vulnerability exists in PHP Point of Sale version 19.4. It allows an attacker to inject HTML that is then rendered in a victim's browser. The vulnerability arises from inadequate validation of user input. Exploitation involves sending a request to '/reports/generate/specific_customer' with the 'start_date_formatted' and 'end_date_formatted' parameters.

Impact

Exploitation of this vulnerability allows for HTML injection, which could be used to execute scripts in the context of the user's browser.
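The input validation this entry says is missing, sketched as an added example; it is not PHP Point of Sale's own code or its vendor fix. The 'Y-m-d' date format, the helper names parse_report_date() and h(), and the sample request values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed wire format for the date parameters; the advisory does not state it.
const REPORT_DATE_FORMAT = 'Y-m-d';

/**
 * Hypothetical helper: return a DateTimeImmutable only if $raw is exactly a
 * date in REPORT_DATE_FORMAT, otherwise null. Markup, trailing junk and
 * overflow dates such as 2026-02-31 are all rejected.
 */
function parse_report_date(mixed $raw): ?DateTimeImmutable
{
    if (!is_string($raw) || strlen($raw) > 10) {
        return null;
    }
    $date = DateTimeImmutable::createFromFormat('!' . REPORT_DATE_FORMAT, $raw);
    // Round-trip comparison catches values PHP would silently normalise.
    if ($date === false || $date->format(REPORT_DATE_FORMAT) !== $raw) {
        return null;
    }
    return $date;
}

/** Hypothetical helper: encode any value before it is written into HTML. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for the two request parameters.
$request = [
    'start_date_formatted' => '2026-04-01',
    'end_date_formatted'   => '<h1>injected</h1>',
];

foreach (['start_date_formatted', 'end_date_formatted'] as $name) {
    $date = parse_report_date($request[$name] ?? null);
    if ($date === null) {
        // Reject instead of echoing the raw value back into the report page.
        echo h($name) . ": rejected\n";
        continue;
    }
    // Render the server-side canonical form, encoded, never the raw input.
    echo h($name) . ': ' . h($date->format(REPORT_DATE_FORMAT)) . "\n";
}
```

Validation and output encoding are applied together here: the parser narrows what the two parameters can contain, and the encoder keeps any value that does reach the page from being interpreted as markup.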

Added: Apr 21, 2026, 4:33 PM
Updated: Apr 21, 2026, 4:33 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 0.2
exploitability: 5.8
remediation: 0.0
relevance: 6.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.