CNNVD-202602-2285 Information

CNNVD ID

CNNVD-202602-2285

Related CVE

CVE-2025-70091

• CNNVD Published: 2026-02-13

Description (Chinese)

opensourcepos是opensourcepos开源的一个销售点系统。 opensourcepos 3.4.1版本存在安全漏洞，该漏洞源于Customers函数对Phone Number参数输入验证不足，可能导致跨站脚本攻击。

Description (English)

Opensourcepos is an open-source marketing point system. There is a security loophole in version 3.4.1 of opensourcepos, which stems from the fact that the Customers function does not have sufficient validation of Phone Number parameters, which may result in a cross-site script attack.

Vulnerability Type

其他

Affected Vendor

opensourcepos

Published

2026-02-13

Last Modified

2026-02-24

References

https://github.com/hungnqdz/cve-research/blob/main/CVE-2025-70091.md https://www.opensourcepos.org

Patch

https://github.com/opensourcepos/opensourcepos/releases