CVE-2025-40980

Vulnerability Description

A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack of proper validation of user inputs via ‘/products/<PRODUCT_ID>/edit’, affecting to ‘name’ parameter via POST. The vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her session cookies details.

Related Weaknesses (CWE)

CWE-79

References

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-ulti

FAQ

What is CVE-2025-40980?

CVE-2025-40980 is a documented vulnerability. A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack of proper validation of user inputs via ‘/products/<PRODUCT_ID>/edit...

How severe is CVE-2025-40980?

CVSS scoring is not yet available for CVE-2025-40980. Check NVD for updates.

Is there a patch for CVE-2025-40980?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.