CVE-2025-70092

Medium CVSS: 5.5

A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Name parameter.

Vendor

Opensourcepos

Product

Open Source Point Of Sale

CWE

CWE-79

Yayın Tarihi

2026-02-12 23:16:09

Güncelleme

2026-02-18 15:45:45

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Open Source Point Of Sale MEDIUM Opensourcepos 2026

Referanslar

https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70092.md

Benzer Kayıtlar

Medium

CVE-2026-33730

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter fram…

Medium

CVE-2026-26745

OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration…

High

CVE-2026-26746

OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An atta…

Medium

CVE-2025-70095

A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 all…

Medium

CVE-2025-70091

A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute…

High

CVE-2025-70093

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.