2 matches found
CVE-2025-70092
OpenSourcePOS v3.4.1 is affected by a cross-site scripting (XSS) vulnerability in the Item Kits function. The issue allows an attacker to inject arbitrary web scripts or HTML by supplying a crafted payload into the Item Name parameter, due to insufficient input handling. Impact is described as XS...
CVE-2025-70092
A cross-site scripting XSS vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Name parameter...