CNNVD-202512-3272 Information

CNNVD ID

CNNVD-202512-3272

CVE-2025-66921

  • CNNVD Published: 2025-12-17

Description (Chinese)

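Open Source Point of Sale is a web-based point-of-sale system open-sourced by opensourcepos. Open Source Point of Sale v3.4.1 has a security vulnerability that stems from improper handling of the name parameter in the Create/Update Item(s) module, which may lead to cross-site scripting attacks.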

Description (English)

Open Source Point of Sale is a web-based point-of-sale system. Open Source Point of Sale v3.4.1 contains a security vulnerability that stems from improper handling of the name parameter in the Create/Update Item(s) module, which may result in a cross-site scripting (XSS) attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

opensourcepos

Published

2025-12-17

Last Modified

2026-02-24

References

  • https://github.com/omkaryepre/vulnerability-research/blob/main/CVE-2025-66921/readme.md
  • https://github.com/opensourcepos/opensourcepos
  • https://access.redhat.com/security/cve/cve-2025-66921

Patch

https://opensourcepos.org/
