Name of the Vulnerable Software and Affected Versions:
UltimatePOS (affected versions not specified)
Description:
A stored cross-site scripting (XSS) vulnerability exists in UltimatePOS due to inadequate validation of user input. The vulnerability affects the `name` parameter sent in a POST request to the `/products/<PRODUCT ID>/edit` API endpoint. A remote attacker could send a specially crafted query to an authenticated user and steal session cookie details.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
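Until a fixed version is available, the `name` field can be constrained at the request boundary and encoded again on output. The following is an added example, not UltimatePOS code; the numeric ID pattern, the allow-list of characters and the function names are assumptions.

```python
import html
import re
from urllib.parse import parse_qs

# Endpoint and parameter come from the advisory; the numeric id pattern is an assumption.
EDIT_PATH = re.compile(r"^/products/(\d+)/edit/?$")
# Assumed allow-list for product names: letters, digits, spaces, common punctuation.
SAFE_NAME = re.compile(r"^[\w .,()&'/+#%-]{1,255}$")


def check_product_edit(method, path, body):
    """Return (allowed, reason) for one request with a form-encoded body."""
    if method.upper() != "POST" or not EDIT_PATH.match(path.split("?", 1)[0]):
        return True, "not the product edit endpoint"
    fields = parse_qs(body, keep_blank_values=True)  # also undoes URL-encoding
    names = fields.get("name", [])
    if len(names) != 1:
        # Duplicate parameters can make the filter and the application disagree.
        return False, "expected exactly one name field"
    if not SAFE_NAME.fullmatch(names[0].strip()):
        return False, "name contains characters outside the allow-list"
    return True, "ok"


def render_product_name(name):
    """Encode a stored name for an HTML context, whatever the input filter let through."""
    return html.escape(name, quote=True)


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("POST", "/products/12/edit", "name=Espresso+Beans+%281kg%29&price=9.50"),
    ("POST", "/products/12/edit", "name=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    ("POST", "/products/12/edit", "name=Tea&name=%3Cb%3Ex%3C%2Fb%3E"),
    ("GET", "/products/12/edit", ""),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(method, path, check_product_edit(method, path, body))
    print(render_product_name("<b>Tea & Co</b>"))
```

Input filtering alone does not cover names already stored, so the output encoding step applies to every place the product name is rendered.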