Search
Search Results (5 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66921 | 1 Opensourcepos | 1 Open Source Point Of Sale | 2025-12-17 | 7.2 High |
| A Cross-site scripting (XSS) vulnerability in Create/Update Item(s) Module in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter. | ||||
| CVE-2025-66924 | 1 Opensourcepos | 1 Open Source Point Of Sale | 2025-12-17 | 6.1 Medium |
| A Cross-site scripting (XSS) vulnerability in Create/Update Item Kit(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter. | ||||
| CVE-2025-66923 | 1 Opensourcepos | 1 Open Source Point Of Sale | 2025-12-17 | 7.2 High |
| A Cross-site scripting (XSS) vulnerability in Create/Update Customer(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the phone_number parameter. | ||||
| CVE-2025-63800 | 1 Opensourcepos | 1 Open Source Point Of Sale | 2025-11-19 | 7.5 High |
| The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side validation. When an authenticated user omits or leaves the `password` and `repeat_password` parameters empty in the password change request, the backend still returns a successful response and sets the password to an empty string. This effectively disables authentication and may allow unauthorized access to user or administrative accounts. | ||||
| CVE-2022-34578 | 1 Opensourcepos | 1 Open Source Point Of Sale | 2024-11-21 | 7.2 High |
| Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page. | ||||
Page 1 of 1.