Lucene search
K

49 matches found

CNNVD
CNNVD
added 2026/01/13 12:0 a.m.5 views

Open Source Point of Sale 跨站脚本漏洞

Open Source Point of Sale is an open source web-based point of sale system from opensourcepos. A cross-site scripting vulnerability exists in Open Source Point of Sale versions 3.4.0 and 3.4.1, which stems from a stored cross-site script in the configuration function that could cause an...

4.8CVSS5.6AI score0.0018EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/12/18 3:49 p.m.183 views

Exploit for CVE-2025-68147

🛡️ Nixon Advisories Security Research & Vulnerability Dis...

8.8CVSS5.8AI score0.00309EPSS
Exploits6
NVD
NVD
added 2025/12/17 11:16 p.m.10 views

CVE-2025-68434

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Cross-Site Request Forgery CSRF vulnerability exists in the application's filter configuration. The CSRF protection...

8.8CVSS0.00236EPSS
Exploits4References4
EUVD
EUVD
added 2025/12/17 10:20 p.m.8 views

EUVD-2025-204014

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Cross-Site Request Forgery CSRF vulnerability exists in the application's filter configuration. The CSRF protection...

8.8CVSS6.6AI score0.00236EPSS
Exploits4References4
GithubExploit
GithubExploit
added 2025/12/17 5:37 p.m.212 views

Exploit for CVE-2025-68434

CVE-2025-68434: CSRF Unauthorized Administrator Creation in Op...

6.8AI score0.00309EPSS
Exploits6
RedhatCVE
RedhatCVE
added 2025/11/19 2:10 p.m.6 views

CVE-2025-63800

The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side validation. When an authenticated user omits or leaves the password and repeatpassword parameters empty in the password change request, the...

7.5CVSS6.8AI score0.00417EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/07/28 8:15 p.m.1 views

CVE-2022-34578

Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page...

7.2CVSS6AI score0.00993EPSS
Exploits1References2
Huntr
Huntr
added 2021/10/04 8:3 p.m.18 views

Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos

Description You have not set any CSRF protection for receivings/deleteitem/itemid endpoint. Proof of Concept //PoC.html history.pushState'', '', '/'...

1.7AI score
Exploits0
Huntr
Huntr
added 2021/10/04 4:8 p.m.11 views

Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos

Description Attacker able to delete supplier with CSRF attack Proof of Concept //PoC.html history.pushState'', '', '/'...

2.3AI score
Exploits0
Rows per page
Query Builder