CNNVD-202602-2283 Information

CNNVD ID

CNNVD-202602-2283

Related CVE

CVE-2025-70094

• CNNVD Published: 2026-02-13

Description (Chinese)

opensourcepos是opensourcepos开源的一个销售点系统。 OpenSourcePOS 3.4.1版本存在安全漏洞，该漏洞源于Generate Item Barcode函数对Item Category参数输入验证不足，可能导致跨站脚本攻击。

Description (English)

Opensourcepos is an open-source marketing point system. OpensourcePOS 3.4.1 has a security loophole, which stems from the inadequate validation of the Item Category parameter input in the General Item Barcode function, which may result in a cross-site script attack.

Vulnerability Type

其他

Affected Vendor

opensourcepos

Published

2026-02-13

Last Modified

2026-02-24

References

https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70094.md https://github.com/opensourcepos/opensourcepos/pull/4357 https://www.opensourcepos.org

Patch

https://github.com/opensourcepos/opensourcepos/releases