EUVD-2025-204017

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Starting in version 3.4.0 and prior to version 3.4.2, a Stored Cross-Site Scripting XSS vulnerability exists in the "Return Policy" configuration field. The application doe...

Cross-site Scripting in tempura

This affects the package tempura before 0.4.0. If the input to the esc function is of type object i.e an array it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability...

Cross-Site Scripting (XSS)

tempura is vulnerable to cross-site scripting XSS attacks. An attacker is able to inject malicious object type inputs to the esc function resulting in a potential cross-site scripting vulnerability due to the lack of sanitations inside the function...

Cross site scripting

This affects the package tempura before 0.4.0. If the input to the esc function is of type object i.e an array it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability...

Cross-site Scripting (XSS)

Overview tempura is an A light, crispy, and delicious template engine. Affected versions of this package are vulnerable to Cross-site Scripting XSS. If the input to the esc function is of type object i.e an array it is returned without being escaped/sanitized, leading to a potential Cross-Site...