CNNVD-202511-071 Information

CNNVD ID

CNNVD-202511-071

Related CVE

CVE-2025-60503

• CNNVD Published: 2025-11-03

Description (Chinese)

Ultimate Fosters UltimatePOS是Ultimate Fosters公司的一个产品管理和POS收银系统。 Ultimate Fosters UltimatePOS 4.8版本存在安全漏洞，该漏洞源于管理界面中purchase功能提交的输入在admin log panel页面的reference No字段未正确转义，可能导致跨站脚本攻击。

Description (English)

Ultimate Fosters UltimatePOS is a product management and POS cashier system of Ultimate Fosters. There is a security loophole in version 4.8 of Ultimate Fosters UltimatePOS, which results from an incorrect transfer of the non-reference field submitted in the management interface by the purchase function on the admin logpanel page, which may lead to a cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Ultimate Fosters

Published

2025-11-03

Last Modified

2026-02-24

References

https://github.com/H4zaz/CVE-2025-60503 https://ultimatefosters.com https://access.redhat.com/security/cve/cve-2025-60503