CVE-2025-66924

CVE-2025-66924 (Open Source Point of Sale 3.4.1) : A Cross-site scripting (XSS) vulnerability exists in Create/Update Item Kit(s) that allows remote attackers to inject arbitrary script/HTML via the name parameter. The root cause is an unvalidated/unsanitized name input in item kit creation/updat...