Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated attacker to execute arbitrary JavaScript in the context of an administrator's browser session, which could lead to session hijacking or other malicious actions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ultimate Fosters UltimatePOS 安全漏洞
Vulnerability Description
Ultimate Fosters UltimatePOS是Ultimate Fosters公司的一个产品管理和POS收银系统。 Ultimate Fosters UltimatePOS 4.8版本存在安全漏洞,该漏洞源于管理界面中purchase功能提交的输入在admin log panel页面的reference No字段未正确转义,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A