Opensourcepos Open Source Point Of Sale — known CVE vulnerabilities
Every CVE whose affected-product data names Opensourcepos Open Source Point Of Sale, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2026-26746 — CVSS 8.8 (high): OpenSourcePOS 3.4.1 contains a Local File Inclusion (LFI) vulnerability in the Sales.php::getInvoice() function. An attacker can read…
CVE-2025-68434 — CVSS 8.8 (high): Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Starting in…
CVE-2026-32888 — CVSS 8.8 (high): Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL…
CVE-2025-68147 — CVSS 8.1 (high): Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Starting in…
CVE-2025-63800 — CVSS 7.5 (high): The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to…
CVE-2025-70093 — CVSS 7.4 (high): An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.
CVE-2025-66923 — CVSS 7.2 (high): A Cross-site scripting (XSS) vulnerability in Create/Update Customer(s) in Open Source Point of Sale v3.4.1 allows remote attackers to…
CVE-2022-34578 — CVSS 7.2 (high): Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page.
CVE-2025-66921 — CVSS 7.2 (high): A Cross-site scripting (XSS) vulnerability in Create/Update Item(s) Module in Open Source Point of Sale v3.4.1 allows remote attackers to…
CVE-2025-70095 — CVSS 6.5 (medium): A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to…
CVE-2025-70094 — CVSS 6.5 (medium): A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute…
CVE-2026-33730 — CVSS 6.5 (medium): Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. Prior to…
CVE-2025-70091 — CVSS 6.5 (medium): A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web…
CVE-2025-66924 — CVSS 6.1 (medium): A Cross-site scripting (XSS) vulnerability in Create/Update Item Kit(s) in Open Source Point of Sale v3.4.1 allows remote attackers to…
CVE-2025-70092 — CVSS 5.5 (medium): A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web…
CVE-2026-32712 — CVSS 5.4 (medium): Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored…
CVE-2026-39380 — CVSS 5.4 (medium): Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored…
CVE-2026-26745 — CVSS 5.3 (medium): OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the…
CVE-2025-68658 — CVSS 4.3 (medium): Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework…