CNNVD-202601-1961 Information

CNNVD ID

CNNVD-202601-1961

CVE-2025-68658

  • CNNVD Published: 2026-01-13

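Description (translated from Chinese)

Open Source Point of Sale is a web-based point-of-sale system open-sourced by opensourcepos. Open Source Point of Sale versions 3.4.0 and 3.4.1 contain a cross-site scripting vulnerability. The vulnerability stems from stored cross-site scripting in the configuration feature, which may allow an authenticated user to inject a malicious JavaScript payload into the company name field when updating configuration information.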

Description (English)

Open Source Point of Sale is a web-based point-of-sale system. Open Source Point of Sale versions 3.4.0 and 3.4.1 have a cross-site scripting vulnerability, which stems from stored cross-site scripting in the configuration feature and may result in a malicious JavaScript payload being injected into the company name field by an authenticated user when updating the configuration information.

Hazard Level

High

Vulnerability Type

Cross-site scripting

Affected Vendor

opensourcepos

Published

2026-01-13

Last Modified

2026-02-24

References

  • https://github.com/opensourcepos/opensourcepos/commit/849439c71eaa4c15857fb7c603297261c2ddc26d
  • https://github.com/opensourcepos/opensourcepos/security/advisories/GHSA-32r8-8r9r-9chw
  • https://access.redhat.com/security/cve/cve-2025-68658

Patch

https://opensourcepos.org/
