Web Vulnerability Report

Vulnerability Index
ID EDB-ID-50492
CVSS 3.0 N/A
Cloudbric Score
Cloudbric Detection Yes
Vulnerability Type XSS
Published Date 2021-11-03
Updated Date 2022-01-21
Vendor 4.4
Description A persistent cross-site scripting web vulnerability has been discovered in the Ultimate POS v4.4 ERP stock management web application. The vulnerability allows remote attackers to inject their own malicious script code with a persistent attack vector to compromise browser-to-web-application requests from the application side. The persistent input validation vulnerability is located in the name parameter of the add products module. Remote attackers with vendor privileges to add products are able to inject their own malicious script code. The request method to inject is POST and the attack vector is persistent. Injection is possible by editing an existing product or by creating a new one. Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent external redirects to malicious sources and persistent manipulation of affected application modules.
Reference N/A

