CVE-2025-66924

Medium CVSS: 6.1

A Cross-site scripting (XSS) vulnerability in Create/Update Item Kit(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter.

Vendor

Opensourcepos

Product

Open Source Point Of Sale

CWE

CWE-79

Yayın Tarihi

2025-12-17 18:15:49

Güncelleme

2025-12-18 19:52:51

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Open Source Point Of Sale MEDIUM Opensourcepos 2025

Referanslar

https://github.com/omkaryepre/vulnerability-research/blob/main/CVE-2025-66924/readme.md https://github.com/opensourcepos/opensourcepos https://github.com/omkaryepre/vulnerability-research/blob/main/CVE-2025-66924/readme.md

Benzer Kayıtlar

Medium

CVE-2026-33730

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter fram…

Medium

CVE-2026-26745

OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration…

High

CVE-2026-26746

OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An atta…

Medium

CVE-2025-70095

A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 all…

Medium

CVE-2025-70091

A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute…

High

CVE-2025-70093

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.