Vulnerability Details CVE-2022-40289
The application was vulnerable to an authenticated stored cross-site scripting (XSS) flaw in the upload and download functionality, which an attacker could leverage to escalate privileges or to compromise any account they can coerce into viewing the targeted files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.8%
CVSS Severity
CVSS v3 Score 9.0
Products affected by CVE-2022-40289
- cpe:2.3:a:phppointofsale:php_point_of_sale:19.0