PT-2026-7917 · Unknown · Opensourcepos

Published: 2026-02-12 · Updated: 2026-02-18 · CVE-2025-70092

CVSS v3.1: 5.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: OpenSourcePOS version 3.4.1

Description: An issue exists in the Item Kits function that permits the execution of arbitrary web scripts or HTML. This occurs through the injection of a crafted payload into the Item Name parameter. The vulnerability is a cross-site scripting (XSS) issue.

Recommendations: Apply a fix to address the vulnerability in the Item Kits function, specifically regarding the handling of the Item Name parameter.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-70092

Affected Products: Opensourcepos