4 matches found
CVE-2026-39380
Open Source Point of Sale (OSPOS) has a Stored XSS in the Stock Locations configuration. Before version 3.4.3, the stock_location input is not properly sanitized, allowing injected JavaScript to be stored in the database and executed when viewing the Employees interface. Affected product: OSPOS (...
CVE-2026-39380 Open Source Point of Sale has Stored XSS in Stock Location (Configuration)
Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Stock Locations configuration feature. The application fails to properly sanitize user input supplied throug...
CVE-2026-39380 Open Source Point of Sale has Stored XSS in Stock Location (Configuration)
Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Stock Locations configuration feature. The application fails to properly sanitize user input supplied throug...
Open Source Point of Sale 跨站脚本漏洞
Open Source Point of Sale is an open-source sales point system based on the internet. Versions of Open Source Point of Sale prior to 3.4.3 had a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the stocklocation parameter input, which could lead to...