CVE-2025-9921

Name of the Vulnerable Software and Affected Versions code-projects POS Pharmacy System version 1.0

Description A weakness exists in code-projects POS Pharmacy System 1.0, potentially leading to cross-site scripting. The issue is related to the manipulation of the product code, gen name, product name, or supplier arguments within an unknown function of the /main/products.php file. This manipulation can be initiated remotely. The exploit has been made publicly available.

Recommendations As a temporary workaround, consider restricting access to the /main/products.php file to minimize the risk of exploitation. Sanitize the product code, gen name, product name, and supplier arguments before processing them within the affected function.