Web Vulnerability Report
ID | EDB-ID-50492 |
CVSS 3.0 | N/A |
Cloudbric Score | Low |
Cloudbric Detection | Yes |
Vulnerability Type | XSS |
Published Date | 2021-11-03 |
Updated Date | 2022-01-21 |
Vendor | 4.4 |
Description | A persistent cross-site scripting vulnerability has been discovered in the Ultimate POS v4.4 ERP stock management web application. The vulnerability allows remote attackers to inject their own malicious script code with a persistent attack vector to compromise browser-to-web-application requests from the application side. The persistent validation vulnerability is located in the name parameter of the add products module. Remote attackers with vendor privileges to add products are able to inject their own malicious script code. The request method used to inject is POST and the attack vector is persistent. Injection is possible by editing an existing product or by creating a new one. Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent external redirects to malicious sources and persistent manipulation of affected application modules. |
Reference | N/A |
URL Link | https://www.exploit-db.com/exploits/50492/ |