N/A

A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated attacker to execute arbitrary JavaScript in the context of an administrator's browser session, which could lead to session hijacking or other malicious actions.

N/A

N/A

Ultimate Fosters UltimatePOS 安全漏洞

Ultimate Fosters UltimatePOS是Ultimate Fosters公司的一个产品管理和POS收银系统。 Ultimate Fosters UltimatePOS 4.8版本存在安全漏洞，该漏洞源于管理界面中purchase功能提交的输入在admin log panel页面的reference No字段未正确转义，可能导致跨站脚本攻击。

N/A

N/A