Detections
Analytics

CVE-2021-47908

medium

Description

Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability through product add or edit functions to execute arbitrary JavaScript and potentially hijack user sessions.

References

https://www.vulnerability-lab.com/get_content.php?id=2296

https://www.vulncheck.com/advisories/ultimate-pos-persistent-cross-site-scripting-via-product-name

https://ultimatefosters.com/docs/ultimatepos/

Details

Source: Mitre, NVD

Published: 2026-02-01

Updated: 2026-02-01

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 5.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Severity: Medium