Unknown · Open Source Point Of Sale · CVE-2026-39380
Name of the Vulnerable Software and Affected Versions
Open Source Point of Sale versions prior to 3.4.3
Description
Open Source Point of Sale, a web-based point-of-sale application written in PHP using the CodeIgniter framework, contains a Stored Cross-Site Scripting (XSS) issue in the Stock Locations configuration feature. The application does not properly sanitize user input provided through the `stock location` parameter. This allows attackers to inject malicious JavaScript code that is stored in the database and executed when displayed in the Employees interface.
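The sketch below shows how encoding a stored stock location name at render time keeps it inert in the page, along with a check that flags stored names containing markup characters for review. It is an added example, not Open Source Point of Sale code; the function names, the `grants[]` form field and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Open Source Point of Sale code. All names are hypothetical.

/** Encode a stored value for an HTML text or quoted-attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return the stored names that contain markup or quote characters. */
function flag_suspicious_names(array $names): array
{
    return array_values(array_filter(
        $names,
        static fn(string $n): bool => preg_match('/[<>"\']/', $n) === 1
    ));
}

/** Render location names as a checkbox list, encoding every stored value. */
function render_location_list(array $names): string
{
    $html = "<ul>\n";
    foreach ($names as $name) {
        $safe = e($name); // encode once, reuse in attribute and text positions
        $html .= "  <li><label><input type=\"checkbox\" name=\"grants[]\" "
               . "value=\"{$safe}\"> {$safe}</label></li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed sample rows standing in for stored stock location names.
$stored = [
    'Warehouse',
    'Front Store',
    '<script>alert(1)</script>', // constructed markup-bearing value
];

// The third row is emitted as &lt;script&gt;... and shown as literal text.
echo render_location_list($stored);

// Report rows an administrator should inspect in the stored configuration.
foreach (flag_suspicious_names($stored) as $name) {
    printf("review stored name: %s\n", json_encode($name));
}
```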
Recommendations
Update to version 3.4.3 or later.