Unrated severityNVD Advisory· Published Nov 3, 2025· Updated Nov 3, 2025
CVE-2025-60503
CVE-2025-60503
Description
A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated attacker to execute arbitrary JavaScript in the context of an administrator's browser session, which could lead to session hijacking or other malicious actions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: = 4.8
Patches
Vulnerability mechanics
References
1- ultimatefosters.commitre
News mentions
0No linked articles in our index yet.