Opensourcepos Open_source_point_of_sale

19 CVEs affecting Opensourcepos Open_source_point_of_sale. Latest disclosed: 2026-04-07. Critical: 0, High: 9.

Top CVEs affecting Opensourcepos Open_source_point_of_sale
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-32888 | High | 8.8 | 2026-03-20 | Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items s… |
| CVE-2026-26746 | High | 8.8 | 2026-02-20 | OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An attacker can read arbitrary files on the we… |
| CVE-2025-68434 | High | 8.8 | 2025-12-17 | Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and pr… |
| CVE-2025-68147 | High | 8.1 | 2025-12-17 | Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and pr… |
| CVE-2025-63800 | High | 7.5 | 2025-11-18 | The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side valida… |
| CVE-2025-70093 | High | 7.4 | 2026-02-13 | An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response. |
| CVE-2025-66923 | High | 7.2 | 2025-12-17 | A Cross-site scripting (XSS) vulnerability in Create/Update Customer(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web scr… |
| CVE-2025-66921 | High | 7.2 | 2025-12-17 | A Cross-site scripting (XSS) vulnerability in Create/Update Item(s) Module in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web… |
| CVE-2022-34578 | High | 7.2 | 2022-07-28 | Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page. |
| CVE-2026-33730 | Medium | 6.5 | 2026-03-27 | Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insec… |
| CVE-2025-70095 | Medium | 6.5 | 2026-02-13 | A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web… |
| CVE-2025-70094 | Medium | 6.5 | 2026-02-13 | A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or H… |
| CVE-2025-70091 | Medium | 6.5 | 2026-02-13 | A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via inje… |
| CVE-2025-66924 | Medium | 6.1 | 2025-12-17 | A Cross-site scripting (XSS) vulnerability in Create/Update Item Kit(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web scr… |
| CVE-2025-70092 | Medium | 5.5 | 2026-02-12 | A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via inje… |
| CVE-2026-32712 | Medium | 5.4 | 2026-04-07 | Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (X… |
| CVE-2026-39380 | Medium | 5.4 | 2026-04-07 | Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (X… |
| CVE-2026-26745 | Medium | 5.3 | 2026-02-20 | OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the input is initially… |
| CVE-2025-68658 | Medium | 4.3 | 2026-01-13 | Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 ha… |