Medium severityNVD Advisory· Published Jul 31, 2025· Updated Apr 15, 2026
CVE-2025-40980
CVE-2025-40980
Description
A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack of proper validation of user inputs via ‘/products/<PRODUCT_ID>/edit’, affecting to ‘name’ parameter via POST. The vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her session cookies details.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.