πŸ” CVE Alert

CVE-2025-41011

UNKNOWN 0.0

HTML injection in PHP Point Of Sale

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specific_customer', ussing 'start_date_formatted' y 'end_date_formatted' parameters.

CWE CWE-79
Vendor php point of sale
Product php point of sale
Published Apr 21, 2026
Last Updated Apr 21, 2026
Stay Ahead of the Next One

Get instant alerts for php point of sale php point of sale

Be the first to know when new unknown vulnerabilities affecting php point of sale php point of sale are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

PHP Point Of Sale / PHP Point Of Sale
19.4

References

NVD β†— CVE.org β†— EPSS Data β†—
incibe.es: https://www.incibe.es/en/incibe-cert/notices/aviso/html-injection-php-point-sale-0

Credits

Gonzalo Aguilar GarcΓ­a (6h4ack)