Key Vulnerability Information

BUG Author: Alphabug
Affected Version: ALL
Vendor: itsourcecode
Software: Point of Sale System (POS) - Download Link
Vulnerability File:

Description:
- The file contains a vulnerability where it includes JavaScript files from user input without proper validation.
- The code snippet shows that the variable is directly included in the HTML output, which can lead to Cross-Site Scripting (XSS) attacks.

Payload:
- Example payload:
- This payload demonstrates how an attacker can inject arbitrary JavaScript code into the page.

Conclusion

The vulnerability allows for XSS attacks due to improper handling of user input in the file. Attackers can inject malicious scripts, potentially leading to unauthorized access or data theft.
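
The pattern described above next to a hardened form, as an added example that is not code from the affected application (the page does not show its source). The request values, the allowlist entries and the file paths are hypothetical, and Python stands in for the application's own language.

```python
import html

# Hypothetical allowlist: logical names a page may request -> scripts shipped with the app.
ALLOWED_SCRIPTS = {
    "sales": "js/sales.js",
    "inventory": "js/inventory.js",
}


def render_unsafe(script_param: str) -> str:
    """The described pattern: request input concatenated straight into the HTML output."""
    return '<script src="' + script_param + '"></script>'


def render_safe(script_param: str) -> str:
    """Resolve the input through the allowlist; emit no tag for an unknown value."""
    path = ALLOWED_SCRIPTS.get(script_param)
    if path is None:
        return ""
    # Escape anyway so a later allowlist entry with special characters stays inert.
    return '<script src="{}"></script>'.format(html.escape(path, quote=True))


def escape_for_display(value: str) -> str:
    """Encode a value that has to be echoed back, e.g. in an error message."""
    return html.escape(value, quote=True)


# Constructed inputs: one legitimate name, one value carrying markup characters,
# one off-site script location.
SAMPLES = ["sales", '"><i>constructed</i>', "//cdn.example.invalid/x.js"]

if __name__ == "__main__":
    for value in SAMPLES:
        print("input  :", value)
        print("unsafe :", render_unsafe(value))
        print("safe   :", render_safe(value) or "(no tag emitted)")
        print("echoed :", escape_for_display(value))
        print()
```

The allowlist means the browser only ever receives a script path the application chose, and output encoding covers any place where the raw value still has to be displayed.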