CVE-2025-70093

High CVSS: 7.4

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.

Vendor

Product

CWE

Yayın Tarihi

2026-02-13 16:16:10

Güncelleme

2026-02-17 14:59:41

Source Identifier

cve@mitre.org

KEV Date Added

CWE-77 Open Source Point Of Sale HIGH Opensourcepos 2026

https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70093.md https://github.com/opensourcepos/opensourcepos/pull/4357 https://www.opensourcepos.org

Medium

CVE-2026-33730

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter fram…

Medium

CVE-2026-26745

OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration…

High

CVE-2026-26746

OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An atta…

Medium

CVE-2025-70095

A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 all…

Medium

CVE-2025-70091

A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute…

Medium

CVE-2025-70094

A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attacker…