CVE-2025-70091

Medium CVSS: 6.5

A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter.

Vendor

Opensourcepos

Product

Open Source Point Of Sale

CWE

CWE-79

Yayın Tarihi

2026-02-13 16:16:10

Güncelleme

2026-02-17 15:00:22

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Open Source Point Of Sale MEDIUM Opensourcepos 2026

Referanslar

https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70091.md https://www.opensourcepos.org https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70091.md

Benzer Kayıtlar

Medium

CVE-2026-33730

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter fram…

Medium

CVE-2026-26745

OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration…

High

CVE-2026-26746

OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An atta…

Medium

CVE-2025-70095

A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 all…

High

CVE-2025-70093

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.

Medium

CVE-2025-70094

A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attacker…