PT-2026-7996 · Unknown · Opensourcepos

Published: 2026-02-13 · Updated: 2026-02-13 · CVE-2025-70094

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions
OpenSourcePOS version 3.4.1

Description
An issue exists in OpenSourcePOS that allows for the execution of malicious web scripts or HTML. This occurs through a cross-site scripting (XSS) flaw within the Generate Item Barcode function. Specifically, the vulnerability is triggered by injecting a crafted payload into the Item Category parameter.

Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider sanitizing the Item Category parameter input to prevent the injection of malicious scripts.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-70094

Affected Products: Opensourcepos