PT-2026-5554 · Unknown · Ultimatepos

Published: 2026-02-01 · Updated: 2026-02-01 · CVE-2021-47908

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Ultimate POS version 4.4

Description: Ultimate POS version 4.4 is affected by a persistent cross-site scripting issue. Remote attackers can inject malicious scripts through the product name parameter. This can be exploited via product add or edit functions, potentially allowing execution of arbitrary JavaScript and hijacking of user sessions.

Recommendations: Apply any available updates or patches for Ultimate POS version 4.4. As a temporary workaround, sanitize the product name parameter to prevent the injection of malicious scripts.
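
The workaround above, sketched as an added example (not code from Ultimate POS or from this advisory): validate the product name on the add/edit path and HTML-encode it wherever it is rendered, so that values stored before the check existed are neutralized as well. The function names, the 255-character limit, the character policy and the sample rows are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helpers, not Ultimate POS code.
const MAX_NAME_LENGTH = 255; // assumed column limit

// Write path (product add/edit): reject markup-significant and control characters.
// Assumed policy: product names never need "<" or ">".
function validateProductName(raw) {
  if (typeof raw !== "string") return { ok: false, reason: "not a string" };
  const name = raw.normalize("NFC").trim();
  if (name.length === 0 || name.length > MAX_NAME_LENGTH) {
    return { ok: false, reason: "length" };
  }
  if (/[<>\u0000-\u001f\u007f]/.test(name)) {
    return { ok: false, reason: "forbidden character" };
  }
  return { ok: true, value: name };
}

// Read path: encode for HTML text and quoted-attribute contexts.
// This is the control that still holds for rows already in the database.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Renders one product row; the name appears in both an attribute and a text node.
function renderProductRow(product) {
  const name = escapeHtml(product.name);
  return `<tr><td title="${name}">${name}</td></tr>`;
}

// Constructed sample rows. The second stands for a name saved before
// validation was in place, which is why output encoding is still required.
const storedProducts = [
  { id: 1, name: "Espresso 250g" },
  { id: 2, name: '"><script>alert(1)</script>' },
];

function renderAll() {
  return storedProducts.map(renderProductRow);
}
```

Input validation alone does not clean rows that are already stored, so the encoding step has to be applied at every place the product name is written into a page.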

Tags: Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers: CVE-2021-47908

Affected Products: Ultimatepos