Filtered by vendor Ultimatefosters
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-40980 | 1 Ultimatefosters | 1 Ultimatepos | 2025-07-31 | N/A |
| A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack of proper validation of user inputs via ‘/products/<PRODUCT_ID>/edit’, affecting to ‘name’ parameter via POST. The vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her session cookies details. | ||||
| CVE-2018-17139 | 1 Ultimatefosters | 1 Ultimatepos | 2024-11-21 | N/A |
| UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type. | ||||
Page 1 of 1.