CVE-2025-66923

High CVSS: 7.2

A Cross-site scripting (XSS) vulnerability in Create/Update Customer(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the phone_number parameter.

Vendor

Opensourcepos

Product

Open Source Point Of Sale

CWE

CWE-20

Yayın Tarihi

2025-12-17 18:15:48

Güncelleme

2025-12-18 19:52:33

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-20 Open Source Point Of Sale HIGH Opensourcepos 2025

Referanslar

https://github.com/omkaryepre/vulnerability-research/blob/main/CVE-2025-66923/readme.md https://github.com/opensourcepos/opensourcepos https://github.com/omkaryepre/vulnerability-research/blob/main/CVE-2025-66923/readme.md

Benzer Kayıtlar

Medium

CVE-2026-33730

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter fram…

Medium

CVE-2026-26745

OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration…

High

CVE-2026-26746

OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An atta…

Medium

CVE-2025-70095

A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 all…

Medium

CVE-2025-70091

A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute…

High

CVE-2025-70093

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.