CVE-2026-39380 Open Source Point of Sale has Stored XSS in Stock Location (Configuration)

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Stock Locations configuration feature. The application fails to properly sanitize user input supplied throug...

CVE-2026-39380 Open Source Point of Sale has Stored XSS in Stock Location (Configuration)

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Stock Locations configuration feature. The application fails to properly sanitize user input supplied throug...

CVE-2026-39380

Open Source Point of Sale (OSPOS) has a Stored XSS in the Stock Locations configuration. Before version 3.4.3, the stock_location input is not properly sanitized, allowing injected JavaScript to be stored in the database and executed when viewing the Employees interface. Affected product: OSPOS (...

Open Source Point of Sale 跨站脚本漏洞

Open Source Point of Sale is an open-source sales point system based on the internet. Versions of Open Source Point of Sale prior to 3.4.3 had a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the stocklocation parameter input, which could lead to...