3 matches found
CVE-2025-68658 Open Source Point of Sale (opensourcepos) Stored XSS in Configuration (Information) – Company Name field
Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 has a stored XSS vulnerability exists in the Configuration Information functionality. An authenticated user with the permission “Configuration...
CVE-2025-68658
CVE-2025-68658 affects Open Source Point of Sale (opensourcepos) 3.4.0–3.4.1. It is a stored XSS in the Configuration → Information workflow: an authenticated user with the permission “Configuration: Change OSPOS's Configuration” can inject JavaScript into the Company Name field; the payload is s...
Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-1204)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1204 advisory. REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be...