Browse all 7 CVE security advisories affecting opensourcepos. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32712 | Open Source Point of Sale has Stored XSS in Customer Name (Sales) — opensourceposCWE-79 | 5.4 | Medium | 2026-04-07 |
| CVE-2026-39380 | Open Source Point of Sale has Stored XSS in Stock Location (Configuration) — opensourceposCWE-79 | 5.4 | Medium | 2026-04-07 |
| CVE-2026-33730 | Open Source Point of Sale has an IDOR in Password Change (Home) — opensourceposCWE-639 | 6.5 | Medium | 2026-03-27 |
| CVE-2026-32888 | Open Source Point of Sale is Vulnerable to SQL Injection Through its Item Search Functionality — opensourceposCWE-89 | 8.8 | High | 2026-03-20 |
| CVE-2025-68658 | Open Source Point of Sale (opensourcepos) Stored XSS in Configuration (Information) – Company Name field — opensourceposCWE-79 | 4.3 | Medium | 2026-01-13 |
| CVE-2025-68434 | opensourcepos has Cross-Site Request Forgery vulnerability that leads to Unauthorized Administrator Creation — opensourceposCWE-352 | 8.8 | High | 2025-12-17 |
| CVE-2025-68147 | opensourcepos has a Cross-site Scripting vulnerability — opensourceposCWE-79 | 8.1 | High | 2025-12-17 |
This page lists every published CVE security advisory associated with opensourcepos. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.