- Description
- HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specific_customer', ussing 'start_date_formatted' y 'end_date_formatted' parameters.
- Source
- cve-coordination@incibe.es
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 5.1
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
- cve-coordination@incibe.es
- CWE-79
- Hype score
- Not currently trending
🚨*CVE* CVE-2025-41011 HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validati… https://t.co/YC9rxWe5P4 ----- Traducción: CVE-2025-41011 vul… https://t.co/utmtNg
@infoflowcloud
21 Apr 2026
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-41011 HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validati… https://t.co/GJNN7FjXlb
@CVEnew
21 Apr 2026
121 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️#INCIBEaviso | Inyección SQL en Zeon Academy Pro de #ZeonGlobalTech #CVE CVE-2025-41011 https://t.co/r7rNeXWH4G #AvisosDeSeguridad #TI #CNA #0day
@incibe_cert
21 Apr 2026
456 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️#INCIBEaviso | Inyección HTML en #PHPPointOfSale #CVE CVE-2025-41011 https://t.co/pPXkublL2i #AvisosDeSeguridad #TI #CNA #0day
@incibe_cert
21 Apr 2026
341 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes