Opensourcepos

Open Source Point Of Sale

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.7

CVE-2026-8803

  • EPSS 0.18%
  • Veröffentlicht 18.05.2026 11:30:08
  • Zuletzt bearbeitet 18.05.2026 19:20:20

A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. Remote exploitation of the at...

4.3

CVE-2026-8802

  • EPSS 0.39%
  • Veröffentlicht 18.05.2026 10:00:14
  • Zuletzt bearbeitet 18.05.2026 19:20:20

A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument pic_filename results in path traversal. The attac...

5.4

CVE-2026-32712

Exploit
  • EPSS 0.17%
  • Veröffentlicht 07.04.2026 20:37:30
  • Zuletzt bearbeitet 14.04.2026 18:45:18

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Daily Sales management table. The customer_name column is c...

5.4

CVE-2026-39380

Exploit
  • EPSS 0.16%
  • Veröffentlicht 07.04.2026 19:49:13
  • Zuletzt bearbeitet 24.04.2026 17:51:06

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Stock Locations configuration feature. The application fail...

6.5

CVE-2026-33730

Exploit
  • EPSS 0.28%
  • Veröffentlicht 27.03.2026 00:30:02
  • Zuletzt bearbeitet 01.04.2026 15:05:18

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows an authenticated low-privileged use...

8.8

CVE-2026-32888

Exploit
  • EPSS 0.32%
  • Veröffentlicht 20.03.2026 03:15:59
  • Zuletzt bearbeitet 08.04.2026 20:54:00

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled (search_custom fil...

5.3

CVE-2026-26745

Exploit
  • EPSS 0.3%
  • Veröffentlicht 20.02.2026 00:00:00
  • Zuletzt bearbeitet 24.02.2026 20:45:24

OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed...

8.8

CVE-2026-26746

Exploit
  • EPSS 0.58%
  • Veröffentlicht 20.02.2026 00:00:00
  • Zuletzt bearbeitet 24.02.2026 20:42:28

OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An attacker can read arbitrary files on the web server by manipulating the Invoice Type configuration. This issue can be chained with the...

6.5

CVE-2025-70091

Exploit
  • EPSS 0.16%
  • Veröffentlicht 13.02.2026 00:00:00
  • Zuletzt bearbeitet 17.02.2026 15:00:22

A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter.

6.5

CVE-2025-70095

Exploit
  • EPSS 0.16%
  • Veröffentlicht 13.02.2026 00:00:00
  • Zuletzt bearbeitet 17.02.2026 14:59:05

A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.