Opensourcepos Open_source_point_of_sale
19 CVEs affecting Opensourcepos Open_source_point_of_sale. Latest disclosed: 2026-04-07. Critical: 0, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-32888 | High | 8.8 | 2026-03-20 | Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items s… |
| CVE-2026-26746 | High | 8.8 | 2026-02-20 | OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An attacker can read arbitrary files on the we… |
| CVE-2025-68434 | High | 8.8 | 2025-12-17 | Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and pr… |
| CVE-2025-68147 | High | 8.1 | 2025-12-17 | Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and pr… |
| CVE-2025-63800 | High | 7.5 | 2025-11-18 | The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side valida… |
| CVE-2025-70093 | High | 7.4 | 2026-02-13 | An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response. |
| CVE-2025-66923 | High | 7.2 | 2025-12-17 | A Cross-site scripting (XSS) vulnerability in Create/Update Customer(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web scr… |
| CVE-2025-66921 | High | 7.2 | 2025-12-17 | A Cross-site scripting (XSS) vulnerability in Create/Update Item(s) Module in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web… |
| CVE-2022-34578 | High | 7.2 | 2022-07-28 | Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page. |
| CVE-2026-33730 | Medium | 6.5 | 2026-03-27 | Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insec… |
| CVE-2025-70095 | Medium | 6.5 | 2026-02-13 | A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web… |
| CVE-2025-70094 | Medium | 6.5 | 2026-02-13 | A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or H… |
| CVE-2025-70091 | Medium | 6.5 | 2026-02-13 | A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via inje… |
| CVE-2025-66924 | Medium | 6.1 | 2025-12-17 | A Cross-site scripting (XSS) vulnerability in Create/Update Item Kit(s) in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web scr… |
| CVE-2025-70092 | Medium | 5.5 | 2026-02-12 | A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via inje… |
| CVE-2026-32712 | Medium | 5.4 | 2026-04-07 | Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (X… |
| CVE-2026-39380 | Medium | 5.4 | 2026-04-07 | Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (X… |
| CVE-2026-26745 | Medium | 5.3 | 2026-02-20 | OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the input is initially… |
| CVE-2025-68658 | Medium | 4.3 | 2026-01-13 | Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 ha… |