CVE-2025-67263 — MEDIUM (6.1)

Vulnerability Description

Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting (XSS) vulnerability in the Clients module. The application fails to properly sanitize user-supplied input stored in the Name and Surname fields. An attacker can insert malicious HTML or script content into these fields, which, persisted in the database.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Abacre	Retail Point Of Sale	14.0.0.396

Related Weaknesses (CWE)

CWE-79

References

https://packetstorm.news/files/id/214045/Third Party Advisory
https://www.abacre.com/retailpointofsale/Product

FAQ

What is CVE-2025-67263?

CVE-2025-67263 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting (XSS) vulnerability in the Clients module. The application fails to properly sanitize user-supplied input stored in ...

How severe is CVE-2025-67263?

CVE-2025-67263 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-67263?

Check the references section above for vendor advisories and patch information. Affected products include: Abacre Retail Point Of Sale.