PT-2025-40921 · Lioncoders · Salepro Pos
Auspicious-Rook · Published 2025-10-06 · Updated 2025-10-06 · CVE-2025-56382
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
LionCoders SalePro POS version 5.4.8
Description
A stored cross-site scripting (XSS) issue exists within the Customer Management Module. An authenticated attacker can inject arbitrary web script or HTML through the Customer Name parameter during customer profile creation or modification. Improper sanitization of this input before storage and rendering results in script execution in the browsers of users viewing the affected customer details.
Recommendations
Apply updates to address the improper sanitization of the Customer Name parameter in the Customer Management Module.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Salepro Pos