49 matches found
Open Source Point of Sale 跨站脚本漏洞
Open Source Point of Sale is an open source web-based point of sale system from opensourcepos. A cross-site scripting vulnerability exists in Open Source Point of Sale versions 3.4.0 and 3.4.1, which stems from a stored cross-site script in the configuration function that could cause an...
Exploit for CVE-2025-68147
🛡️ Nixon Advisories Security Research & Vulnerability Dis...
CVE-2025-68434
Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Cross-Site Request Forgery CSRF vulnerability exists in the application's filter configuration. The CSRF protection...
EUVD-2025-204014
Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Cross-Site Request Forgery CSRF vulnerability exists in the application's filter configuration. The CSRF protection...
Exploit for CVE-2025-68434
CVE-2025-68434: CSRF Unauthorized Administrator Creation in Op...
CVE-2025-63800
The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side validation. When an authenticated user omits or leaves the password and repeatpassword parameters empty in the password change request, the...
CVE-2022-34578
Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page...
Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos
Description You have not set any CSRF protection for receivings/deleteitem/itemid endpoint. Proof of Concept //PoC.html history.pushState'', '', '/'...
Cross-Site Request Forgery (CSRF) in opensourcepos/opensourcepos
Description Attacker able to delete supplier with CSRF attack Proof of Concept //PoC.html history.pushState'', '', '/'...