Browse all 7 CVE security advisories affecting opensourcepos. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OpenSourcePOS serves as a point-of-sale system for retail businesses, managing sales, inventory, and customer data. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS), and privilege escalation flaws, often stemming from insufficient input validation and insecure authentication mechanisms. The software's seven recorded CVEs highlight recurring issues in session management and file handling. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests a need for rigorous security hardening and regular updates to mitigate risks for deployed systems.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-32712 | Open Source Point of Sale has Stored XSS in Customer Name (Sales) | opensourcepos | CWE-79 | 5.4 | Medium | 2026-04-07 |
| CVE-2026-39380 | Open Source Point of Sale has Stored XSS in Stock Location (Configuration) | opensourcepos | CWE-79 | 5.4 | Medium | 2026-04-07 |
| CVE-2026-33730 | Open Source Point of Sale has an IDOR in Password Change (Home) | opensourcepos | CWE-639 | 6.5 | Medium | 2026-03-27 |
| CVE-2026-32888 | Open Source Point of Sale is Vulnerable to SQL Injection Through its Item Search Functionality | opensourcepos | CWE-89 | 8.8 | High | 2026-03-20 |
| CVE-2025-68658 | Open Source Point of Sale (opensourcepos) Stored XSS in Configuration (Information) – Company Name field | opensourcepos | CWE-79 | 4.3 | Medium | 2026-01-13 |
| CVE-2025-68434 | opensourcepos has Cross-Site Request Forgery vulnerability that leads to Unauthorized Administrator Creation | opensourcepos | CWE-352 | 8.8 | High | 2025-12-17 |
| CVE-2025-68147 | opensourcepos has a Cross-site Scripting vulnerability | opensourcepos | CWE-79 | 8.1 | High | 2025-12-17 |
This page lists every published CVE security advisory associated with opensourcepos. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.