Unrated severityNVD Advisory· Published Oct 6, 2025· Updated Oct 6, 2025

CVE-2025-56382

Description

A stored Cross-site scripting (XSS) vulnerability exists in the Customer Management Module of LionCoders SalePro POS 5.4.8. An authenticated attacker can inject arbitrary web script or HTML via the 'Customer Name' parameter when creating or editing customer profiles. This malicious input is improperly sanitized before storage and subsequent rendering, leading to script execution in the browsers of users who view the affected customer details.

Affected products

LionCoders/SalePro POSdescription
LionCoders/SalePro POSllm-create
Range: = 5.4.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Auspicious-Rook/Vulnerability-Research/tree/main/CVE-2025-56382mitre
preview.codecanyon.net/item/lims-stock-manager-pro-with-pos/full_screen_preview/22256829mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000