2017-04-01 01:07:00
mitre
PUBLISHED
A Cross-Site Scripting (XSS) was discovered in wallacepos v1.4.1. The vulnerability exists due to insufficient filtration of user-supplied data (token) passed to the wallacepos-master/myaccount/resetpassword.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.