Vulnerability Details CVE-2022-40289
The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.7%
CVSS Severity
CVSS v3 Score 9.0
References
Products affected by CVE-2022-40289
-
cpe:2.3:a:phppointofsale:php_point_of_sale:19.0