PT-2025-44782 · Ultimatefosters · Ultimatepos

Published: 2025-11-03 · Updated: 2026-02-03 · CVE-2025-60503

CVSS v3.1: 8.7 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: ultimatefosters UltimatePOS version 4.8

Description: A cross-site scripting (XSS) flaw exists in the administrative interface of the software. Input provided in the purchase functionality is reflected without proper sanitization in the admin log panel page, specifically within the 'reference No.' field. This allows an authenticated attacker to inject and execute arbitrary JavaScript code within an administrator's browser session, potentially leading to session hijacking or other malicious activities.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-60503

Affected Products: Ultimatepos