Opensourcepos

Open Source Point Of Sale

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.4

CVE-2025-70093

Exploit
  • EPSS 0.34%
  • Veröffentlicht 13.02.2026 00:00:00
  • Zuletzt bearbeitet 17.02.2026 14:59:41

An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.

6.5

CVE-2025-70094

Exploit
  • EPSS 0.16%
  • Veröffentlicht 13.02.2026 00:00:00
  • Zuletzt bearbeitet 17.02.2026 14:59:24

A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Category parameter.

5.5

CVE-2025-70092

Exploit
  • EPSS 0.2%
  • Veröffentlicht 12.02.2026 00:00:00
  • Zuletzt bearbeitet 18.02.2026 15:45:45

A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Name parameter.

4.8

CVE-2025-68658

  • EPSS 0.18%
  • Veröffentlicht 13.01.2026 21:25:57
  • Zuletzt bearbeitet 21.01.2026 18:40:12

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 has a stored XSS vulnerability exists in the Configuration (Information) functionality. An au...

8.8

CVE-2025-68434

Exploit
  • EPSS 0.24%
  • Veröffentlicht 17.12.2025 22:20:12
  • Zuletzt bearbeitet 18.12.2025 19:45:54

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Cross-Site Request Forgery (CSRF) vulnerability exists in the appli...

8.1

CVE-2025-68147

Exploit
  • EPSS 0.31%
  • Veröffentlicht 17.12.2025 22:16:36
  • Zuletzt bearbeitet 18.12.2025 19:53:06

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Stored Cross-Site Scripting (XSS) vulnerability exists in the "Retu...

6.1

CVE-2025-66924

Exploit
  • EPSS 0.22%
  • Veröffentlicht 17.12.2025 00:00:00
  • Zuletzt bearbeitet 18.12.2025 19:52:51

A Cross-site scripting (XSS) vulnerability in Create/Update Item Kit(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter.

7.2

CVE-2025-66923

Exploit
  • EPSS 0.47%
  • Veröffentlicht 17.12.2025 00:00:00
  • Zuletzt bearbeitet 18.12.2025 19:52:33

A Cross-site scripting (XSS) vulnerability in Create/Update Customer(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the phone_number parameter.

7.2

CVE-2025-66921

Exploit
  • EPSS 0.47%
  • Veröffentlicht 17.12.2025 00:00:00
  • Zuletzt bearbeitet 18.12.2025 19:52:17

A Cross-site scripting (XSS) vulnerability in Create/Update Item(s) Module in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter.

7.5

CVE-2025-63800

Exploit
  • EPSS 0.41%
  • Veröffentlicht 18.11.2025 00:00:00
  • Zuletzt bearbeitet 19.12.2025 16:51:22

The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side validation. When an authenticated user omits or leaves the `password` and `repeat_password` param...