CNNVD-202512-3135 Information
CNNVD ID
CNNVD-202512-3135
Related CVE
- CNNVD Published: 2025-12-17
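Description (translated from Chinese)
Open Source Point of Sale is an open-source, web-based point-of-sale system from opensourcepos. Versions of Open Source Point of Sale before 3.4.2 contain a cross-site request forgery vulnerability. The vulnerability stems from the CSRF protection mechanism being explicitly disabled, which may lead to cross-site request forgery attacks.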
Description (English)
Open Source Point of Sale is a web-based point-of-sale system. Versions of Open Source Point of Sale before 3.4.2 have a cross-site request forgery vulnerability, which stems from the CSRF protection mechanism having been explicitly disabled and could lead to cross-site request forgery attacks.
Hazard Level
Medium
Vulnerability Type
Cross-site request forgery
Affected Vendor
opensourcepos
Published
2025-12-17
Last Modified
2026-02-24
References
https://github.com/opensourcepos/opensourcepos/commit/d575c8da9a1d7af8313a1e758e000e243f5614ef
https://github.com/opensourcepos/opensourcepos/pull/4349
https://github.com/Nixon-H/CVE-2025-68434-OSPOS-CSRF-Unauthorized-Administrator-Creation
https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-wjm4-hfwg-5w5r
https://access.redhat.com/security/cve/cve-2025-68434