Phppointofsale Php Point Of Sale — known CVE vulnerabilities
Every CVE whose affected-product data names Phppointofsale Php Point Of Sale, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2022-40296 — CVSS 9.8 (critical): The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints…
CVE-2022-40287 — CVSS 9.0 (critical): The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality…
CVE-2022-40288 — CVSS 9.0 (critical): The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be…
CVE-2022-40289 — CVSS 9.0 (critical): The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could…
CVE-2022-40294 — CVSS 8.8 (high): The application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within…
CVE-2022-40291 — CVSS 8.8 (high): The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious…
CVE-2025-41011 — CVSS 6.1 (medium): HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due…
CVE-2022-40290 — CVSS 6.1 (medium): The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation…
CVE-2022-40292 — CVSS 5.3 (medium): The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each…
CVE-2011-3785 — CVSS 5.0 (medium): PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the…
CVE-2022-40295 — CVSS 4.9 (medium): The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which…