NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2025-41011

Summary	HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specific_customer', ussing 'start_date_formatted' y 'end_date_formatted' parameters.
Publication Date	April 22, 2026, 1:16 a.m.
Registration Date	April 25, 2026, 4:03 a.m.
Last Update	April 22, 2026, 1:20 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://www.incibe.es/en/incibe-cert/notices/aviso/html-injection-php-point-sale-0	cve-coordination@incibe.es

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html