Opensourcepos

Open Source Point Of Sale

19 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.02%
  • Published 07.04.2026 20:37:30
  • Last modified 14.04.2026 18:45:18

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Daily Sales management table. The customer_name column is c...

  • EPSS 0.03%
  • Published 07.04.2026 19:49:13
  • Last modified 08.04.2026 21:27:00

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Stock Locations configuration feature. The application fail...

Exploit
  • EPSS 0.03%
  • Published 27.03.2026 00:30:02
  • Last modified 01.04.2026 15:05:18

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows an authenticated low-privileged use...

Exploit
  • EPSS 0.03%
  • Published 20.03.2026 03:15:59
  • Last modified 08.04.2026 20:54:00

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled (search_custom fil...

Exploit
  • EPSS 0.06%
  • Published 20.02.2026 00:00:00
  • Last modified 24.02.2026 20:45:24

OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed...

Exploit
  • EPSS 0.29%
  • Published 20.02.2026 00:00:00
  • Last modified 24.02.2026 20:42:28

OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An attacker can read arbitrary files on the web server by manipulating the Invoice Type configuration. This issue can be chained with the...

Exploit
  • EPSS 0.04%
  • Published 13.02.2026 00:00:00
  • Last modified 17.02.2026 14:59:24

A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Category parameter.

Exploit
  • EPSS 0.05%
  • Published 13.02.2026 00:00:00
  • Last modified 17.02.2026 14:59:05

A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

Exploit
  • EPSS 0.08%
  • Published 13.02.2026 00:00:00
  • Last modified 17.02.2026 14:59:41

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.

Exploit
  • EPSS 0.05%
  • Published 13.02.2026 00:00:00
  • Last modified 17.02.2026 15:00:22

A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter.