VYPR
Medium severity6.1NVD Advisory· Published Apr 21, 2026· Updated May 6, 2026

CVE-2025-41011

CVE-2025-41011

Description

HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specific_customer', ussing 'start_date_formatted' y 'end_date_formatted' parameters.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:phppointofsale:php_point_of_sale:19.4:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:phppointofsale:php_point_of_sale:19.4:*:*:*:*:*:*:*
    • (no CPE)range: = 19.4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.