Opensourcepos

Open Source Point Of Sale

15 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.25%
  • Published 20.02.2026 00:00:00
  • Last modified 24.02.2026 20:42:28

OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An attacker can read arbitrary files on the web server by manipulating the Invoice Type configuration. This issue can be chained with the...

Exploit
  • EPSS 0.05%
  • Published 20.02.2026 00:00:00
  • Last modified 24.02.2026 20:45:24

OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed...

Exploit
  • EPSS 0.04%
  • Published 13.02.2026 00:00:00
  • Last modified 17.02.2026 14:59:24

A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Category parameter.

Exploit
  • EPSS 0.04%
  • Published 13.02.2026 00:00:00
  • Last modified 17.02.2026 15:00:22

A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter.

Exploit
  • EPSS 0.06%
  • Published 13.02.2026 00:00:00
  • Last modified 17.02.2026 14:59:41

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.

Exploit
  • EPSS 0.04%
  • Published 13.02.2026 00:00:00
  • Last modified 17.02.2026 14:59:05

A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

Exploit
  • EPSS 0.01%
  • Published 12.02.2026 00:00:00
  • Last modified 18.02.2026 15:45:45

A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Name parameter.

  • EPSS 0.03%
  • Published 13.01.2026 21:25:57
  • Last modified 21.01.2026 18:40:12

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 have a stored XSS vulnerability in the Configuration (Information) functionality. An au...

Exploit
  • EPSS 0.13%
  • Published 17.12.2025 22:20:12
  • Last modified 18.12.2025 19:45:54

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Cross-Site Request Forgery (CSRF) vulnerability exists in the appli...

Exploit
  • EPSS 0.05%
  • Published 17.12.2025 22:16:36
  • Last modified 18.12.2025 19:53:06

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Stored Cross-Site Scripting (XSS) vulnerability exists in the "Retu...