CVE-2025-40980 – UltimateFosters UltimatePOS Stored Cross Site Scripting

CVE ID : CVE-2025-40980

Published : July 31, 2025, 10:15 a.m. | 1 hour, 17 minutes ago

Description : A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack of proper validation of user inputs via ‘/products//edit’, affecting to ‘name’ parameter via POST. The vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her session cookies details.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…