PHP Point of Sale — Vulnerabilities & Security Advisories 11

All 11 CVE vulnerabilities found in PHP Point of Sale, with AI-generated Chinese analysis, references, and POCs.

Vendor: PHP Point of Sale LLC

CVE ID	Title	CVSS	Severity	Published
CVE-2025-41011	HTML injection in PHP Point Of Sale CWE-79	5.4^AI	Medium^AI	2026-04-21
CVE-2022-40294	CSV Injection in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC CWE-1236	8.8	-	2022-10-31
CVE-2022-40290	Reflected cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC. CWE-79	6.1	-	2022-10-31
CVE-2022-40295	Authenticated sensitive information disclosure in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC. CWE-916	4.9	-	2022-10-31
CVE-2022-40287	Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via user profile data fields. CWE-79	9.0	-	2022-10-31
CVE-2022-40296	Server-side request forgery (SSRF) in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC. CWE-918	10.0	-	2022-10-31
CVE-2022-40289	Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via file upload and download functionality. CWE-79	9.0	-	2022-10-31
CVE-2022-40292	Unauthenticated username enumeration in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC. CWE-209	5.3	-	2022-10-31
CVE-2022-40291	Cross-site request forgery (CSRF) in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC CWE-352	8.8	-	2022-10-31
CVE-2022-40293	Session fixation in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC. CWE-384	8.1	-	2022-10-31
CVE-2022-40288	Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via messaging functionality CWE-79	9.0	-	2022-10-31

All 11 known CVE vulnerabilities affecting PHP Point of Sale with full Chinese analysis, references, and POCs where available.