Search
Search Results (7 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26746 | 1 Opensourcepos | 2 Open Source Point Of Sale, Opensourcepos | 2026-02-24 | 8.8 High |
| OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An attacker can read arbitrary files on the web server by manipulating the Invoice Type configuration. This issue can be chained with the file upload functionality to achieve Remote Code Execution (RCE). | ||||
| CVE-2026-26745 | 1 Opensourcepos | 1 Opensourcepos | 2026-02-23 | 5.3 Medium |
| OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or parameter binding. This allows an attacker with access to modify the currency_symbol value to inject arbitrary SQL expressions, which are executed when the affected query is subsequently processed. | ||||
| CVE-2025-70092 | 1 Opensourcepos | 2 Open Source Point Of Sale, Opensourcepos | 2026-02-18 | 5.5 Medium |
| A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Name parameter. | ||||
| CVE-2025-70091 | 1 Opensourcepos | 2 Open Source Point Of Sale, Opensourcepos | 2026-02-17 | 6.5 Medium |
| A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter. | ||||
| CVE-2025-70093 | 1 Opensourcepos | 2 Open Source Point Of Sale, Opensourcepos | 2026-02-17 | 7.4 High |
| An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response. | ||||
| CVE-2025-70094 | 1 Opensourcepos | 2 Open Source Point Of Sale, Opensourcepos | 2026-02-17 | 6.5 Medium |
| A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Category parameter. | ||||
| CVE-2025-70095 | 1 Opensourcepos | 2 Open Source Point Of Sale, Opensourcepos | 2026-02-17 | 6.5 Medium |
| A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. | ||||
Page 1 of 1.