Lucene search
K

25 matches found

Vulnrichment
Vulnrichment
added 2026/05/18 11:30 a.m.9 views

CVE-2026-8803 opensourcepos Open Source Point of Sale Employee Login Employee.php login weak hash

A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. Remote exploitation of the attack is possible. The attack is considered to...

6.3CVSS5.3AI score0.00182EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/18 11:30 a.m.14 views

EUVD-2026-30768

A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee Login. This manipulation causes use of weak hash. Remote exploitation of the attack is possible. The attack is considered to...

6.3CVSS5.3AI score0.00182EPSS
Exploits0References3
NVD
NVD
added 2026/05/18 11:16 a.m.21 views

CVE-2026-8802

A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...

5.3CVSS0.0039EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.14 views

PT-2026-26544

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled search custom filter, user-supplied input from the search GET...

8.8CVSS6.2AI score0.00316EPSS
Exploits1References6
NVD
NVD
added 2025/12/17 6:15 p.m.4 views

CVE-2025-66924

A Cross-site scripting XSS vulnerability in Create/Update Item Kits in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter...

6.1CVSS0.00217EPSS
Exploits1References2
NVD
NVD
added 2025/12/17 5:15 p.m.7 views

CVE-2025-66921

A Cross-site scripting XSS vulnerability in Create/Update Items Module in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter...

7.2CVSS0.00465EPSS
Exploits1References2
OSV
OSV
added 2025/12/17 12:0 a.m.4 views

CVE-2025-66924

A Cross-site scripting XSS vulnerability in Create/Update Item Kits in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter...

6.1CVSS5.9AI score0.00217EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.6 views

Open Source Point of Sale 安全漏洞

Open Source Point of Sale is an open source web-based point of sale system from opensourcepos. A security vulnerability exists in Open Source Point of Sale version v3.4.1, which stems from improper handling of the name parameter in the Create/Update Items module, which could lead to a cross-site...

7.2CVSS6AI score0.00465EPSS
Exploits1References3
CVE
CVE
added 2025/12/17 12:0 a.m.11 views

CVE-2025-66921

CVE-2025-66921 describes a Cross-site scripting (XSS) vulnerability in the Open Source Point of Sale (OSPOS) v3.4.1, specifically in the Create/Update Item(s) Module. The issue arises from improper handling of the name parameter, allowing remote attackers to inject arbitrary web script or HTML. M...

7.2CVSS5.5AI score0.00465EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-0312

Malware in sbrugna...

4CVSS6.4AI score0.01304EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-37530

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.00993EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:2 p.m.4 views

CVE-2022-34578

Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page...

7.2CVSS7.6AI score0.00993EPSS
Exploits1References1
NVD
NVD
added 2022/07/28 8:15 p.m.18 views

CVE-2022-34578

Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page...

7.2CVSS0.00993EPSS
Exploits1References1
Prion
Prion
added 2022/07/28 8:15 p.m.11 views

Design/Logic Flaw

Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page...

5.8CVSS7.1AI score0.00993EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/07/28 7:38 p.m.25 views

CVE-2022-34578

Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page...

7.3AI score0.00993EPSS
Exploits1References1
CVE
CVE
added 2022/07/28 7:38 p.m.75 views

CVE-2022-34578

CVE-2022-34578 affects Open Source Point of Sale (OSPOS) v3.3.7. Reported as an arbitrary file upload vulnerability via the Update Branding Settings page; root cause not detailed in the provided sources beyond the upload flaw. No explicit exploit in the supplied documents; no patch version or wor...

7.2CVSS7.1AI score0.00993EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/07/28 7:38 p.m.18 views

CVE-2022-34578

Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page...

7.2CVSS7.5AI score0.00993EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/07/28 12:0 a.m.5 views

Open Source Point of Sale 代码问题漏洞

Open Source Point of Sale is a web-based point of sale system. A security vulnerability exists in Open Source Point of Sale version v3.3.7, which stems from an arbitrary file upload vulnerability discovered via the Update Branding Settings page...

7.2CVSS7.2AI score0.00993EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/07/28 12:0 a.m.4 views

PT-2022-22217 · Unknown · Open Source Point Of Sale

Name of the Vulnerable Software and Affected Versions: Open Source Point of Sale version 3.3.7 Description: The issue is related to an arbitrary file upload vulnerability. This vulnerability can be exploited via the Update Branding Settings page. Recommendations: For Open Source Point of Sale...

7.2CVSS6.9AI score0.00993EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2019/02/25 12:0 a.m.43 views

Open Source Point Of Sale Stored XSS

The Open Source Point of Sale POS application running on the remote web server is vulnerable to a Stored XSS vulnerability. - A Stored cross-site scripting XSS vulnerability exists due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker ca...

4CVSS5.4AI score0.01304EPSS
Exploits0References4
Rows per page
Query Builder