CVE-2025-41011

Published: Apr 21, 2026

Modified: Apr 21, 2026

PUBLISHED

Description

HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specific_customer', ussing 'start_date_formatted' y 'end_date_formatted' parameters.

Vendor	Product	Versions
PHP Point Of Sale	PHP Point Of Sale	affected `19.4`

Weaknesses (CWE)

CWE-79

References

https://www.incibe.es/en/incibe-cert/notices/aviso/html-injection-php-point-sale-0

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-41011

Description

Affected Products

Weaknesses (CWE)

References