CNNVD-202602-030 Information

CNNVD ID

CNNVD-202602-030

Related CVE

CVE-2021-47908

• CNNVD Published: 2026-02-01

Description (Chinese)

The Web Fosters Ultimate POS是印度The Web Fosters公司的一个综合销售点挂历系统。 The Web Fosters Ultimate POS 4.4版本存在跨站脚本漏洞，该漏洞源于产品名称参数存在持久性跨站脚本漏洞，可能导致远程攻击者注入恶意脚本。

Description (English)

The Web Foster Ultimate POS is a comprehensive sales point hanger system for The Web Fosters in India. The Web Foster Ultimate POS 4.4 has a cross-site script loophole, which stems from a persistent cross-site script gap in product name parameters, which may result in the injection of malicious scripts by remote assailants.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

The Web Fosters

Published

2026-02-01

Last Modified

2026-02-24

References

https://ultimatefosters.com/docs/ultimatepos/ https://www.vulncheck.com/advisories/ultimate-pos-persistent-cross-site-scripting-via-product-name https://www.vulnerability-lab.com/get_content.php?id=2296