{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-10776", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-09-21T08:32:45.752Z", "datePublished": "2025-09-22T01:32:06.266Z", "dateUpdated": "2025-09-22T15:56:18.971Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-09-22T01:32:06.266Z"}, "title": "LionCoders SalePro POS Login cleartext transmission", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-319", "lang": "en", "description": "Cleartext Transmission of Sensitive Information"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-310", "lang": "en", "description": "Cryptographic Issues"}]}], "affected": [{"vendor": "LionCoders", "product": "SalePro POS", "versions": [{"version": "5.0", "status": "affected"}, {"version": "5.1", "status": "affected"}, {"version": "5.2", "status": "affected"}, {"version": "5.3", "status": "affected"}, {"version": "5.4", "status": "affected"}, {"version": "5.5.0", "status": "affected"}], "modules": ["Login"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in LionCoders SalePro POS up to 5.5.0. This issue affects some unknown processing of the component Login. Performing manipulation results in cleartext transmission of sensitive information. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine Schwachstelle wurde in LionCoders SalePro POS bis 5.5.0 gefunden. Es ist betroffen eine unbekannte Funktion der Komponente Login. Durch Beeinflussen mit unbekannten Daten kann eine cleartext transmission of sensitive information-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-09-21T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-09-21T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-09-21T10:37:53.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "JaredLoo (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.325132", "name": "VDB-325132 | LionCoders SalePro POS Login cleartext transmission", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.325132", "name": "VDB-325132 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.650795", "name": "Submit #650795 | LionCoders SalePro POS 5.5.0 Cleartext Transmission of Sensitive Information", "tags": ["third-party-advisory"]}, {"url": "https://github.com/PlsRevert/CVEs/issues/1", "tags": ["issue-tracking"]}, {"url": "https://github.com/PlsRevert/CVEs/issues/1#issue-3398101584", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"references": [{"url": "https://github.com/PlsRevert/CVEs/issues/1#issue-3398101584", "tags": ["exploit"]}, {"url": "https://github.com/PlsRevert/CVEs/issues/1", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-22T15:56:10.671486Z", "id": "CVE-2025-10776", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-22T15:56:18.971Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10776", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-22T15:56:10.671486Z"}}}], "references": [{"url": "https://github.com/PlsRevert/CVEs/issues/1#issue-3398101584", "tags": ["exploit"]}, {"url": "https://github.com/PlsRevert/CVEs/issues/1", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-22T15:56:03.585Z"}}], "cna": {"title": "LionCoders SalePro POS Login cleartext transmission", "credits": [{"lang": "en", "type": "reporter", "value": "JaredLoo (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "LionCoders", "modules": ["Login"], "product": "SalePro POS", "versions": [{"status": "affected", "version": "5.0"}, {"status": "affected", "version": "5.1"}, {"status": "affected", "version": "5.2"}, {"status": "affected", "version": "5.3"}, {"status": "affected", "version": "5.4"}, {"status": "affected", "version": "5.5.0"}]}], "timeline": [{"lang": "en", "time": "2025-09-21T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-09-21T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-09-21T10:37:53.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.325132", "name": "VDB-325132 | LionCoders SalePro POS Login cleartext transmission", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.325132", "name": "VDB-325132 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.650795", "name": "Submit #650795 | LionCoders SalePro POS 5.5.0 Cleartext Transmission of Sensitive Information", "tags": ["third-party-advisory"]}, {"url": "https://github.com/PlsRevert/CVEs/issues/1", "tags": ["issue-tracking"]}, {"url": "https://github.com/PlsRevert/CVEs/issues/1#issue-3398101584", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in LionCoders SalePro POS up to 5.5.0. This issue affects some unknown processing of the component Login. Performing manipulation results in cleartext transmission of sensitive information. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine Schwachstelle wurde in LionCoders SalePro POS bis 5.5.0 gefunden. Es ist betroffen eine unbekannte Funktion der Komponente Login. Durch Beeinflussen mit unbekannten Daten kann eine cleartext transmission of sensitive information-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "Cleartext Transmission of Sensitive Information"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-310", "description": "Cryptographic Issues"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-09-22T01:32:06.266Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10776", "state": "PUBLISHED", "dateUpdated": "2025-09-22T15:56:18.971Z", "dateReserved": "2025-09-21T08:32:45.752Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-09-22T01:32:06.266Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in LionCoders SalePro POS up to 5.5.0. This issue affects some unknown processing of the component Login. Performing manipulation results in cleartext transmission of sensitive information. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2025-10776", "lastModified": "2025-09-22T21:23:01.543", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-09-22T02:15:35.700", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/PlsRevert/CVEs/issues/1"}, {"source": "cna@vuldb.com", "url": "https://github.com/PlsRevert/CVEs/issues/1#issue-3398101584"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.325132"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.325132"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.650795"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/PlsRevert/CVEs/issues/1"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/PlsRevert/CVEs/issues/1#issue-3398101584"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}, {"lang": "en", "value": "CWE-319"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{"created": "2025-09-22T09:58:40.049028+00:00", "updated": "2025-09-22T09:58:40.049084+00:00", "vendors": ["lioncoders", "lioncoders$PRODUCT$salepro_pos"]}